agile-retro
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists exclusively of markdown instructions and does not include any executable scripts, binary files, or shell commands. It relies on the agent's native capabilities to read project artifacts and write a summary report.- [PROMPT_INJECTION]: The skill instructions require the agent to ingest external, potentially untrusted data such as user feedback and project reports. This represents an indirect prompt injection surface; however, the skill possesses no high-impact tools (e.g., shell access, network exfiltration) that would allow such an injection to be exploited beyond influencing the report output.
- Ingestion points: Status reports, sprint metrics, and user/stakeholder feedback (SKILL.md).
- Boundary markers: None defined in the skill instructions.
- Capability inventory: The skill is limited to text analysis and generating a markdown report in a local project directory.
- Sanitization: No sanitization or filtering of input data is specified.
Audit Metadata