solo-retro

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various git commands for gathering project context and history, including git branch, git log, git diff, and git shortlog.
  • [COMMAND_EXECUTION]: Optionally executes build and test commands defined in project configuration files (CLAUDE.md or package.json) to verify project status during the retrospective.
  • [SAFE]: Dynamic context injection (using the !`command` syntax) is employed to retrieve the current branch name, recent commits, and modified files. These are benign development workflow commands intended for status reporting.
  • [SAFE]: The skill reads project logs and framework-specific state files (e.g., in .solo/ and ~/.solo/) to perform its analysis. This behavior is restricted to the local file system and consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: Indirect prompt injection surface: the skill ingests potentially untrusted data from pipeline logs and git history to generate reports and suggest code patches.
    • Ingestion points: Reads content from pipeline.log, iter-*.log, progress.md, and git history logs.
    • Boundary markers: Uses tag-based parsing (e.g., START, STAGE, SIGNAL) rather than strict delimiters for untrusted input content.
    • Capability inventory: Has access to Bash, Write, and Edit tools across multiple phases.
    • Sanitization: Uses sed to strip ANSI escape codes from iteration logs before processing.
    • Mitigation: Implementation of Phase 8 requires explicit user approval via AskUserQuestion before any suggested patches are applied via the Edit tool, providing a robust human-in-the-loop defense against automated malicious actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 09:51 AM