retro
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to ingest and process data from external sources that may contain untrusted input.
- Ingestion points: The workflow involves reading git activity (commits, PRs merged, branches) and sprint status reports which are influenced by multiple contributors.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when handling content from the git history or reports.
- Capability inventory: The skill utilizes the TaskCreate tool to plan work and has permission to write reports to the plans/reports/ directory.
- Sanitization: There are no visible mechanisms for escaping or validating the content extracted from the git activity or status reports before it is used to generate retrospective output.
Audit Metadata