The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell commands including git, find, grep, and wc to analyze the repository's commit history and file structure. These operations are read-oriented and typical for a code analysis tool.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes commit messages, which are external data that could be controlled by an attacker. A malicious commit message could attempt to manipulate the retrospective's output.
Ingestion points: Git commit subjects and author names retrieved via git log commands in SKILL.md.
Boundary markers: Absent; the skill does not use specific delimiters to separate untrusted commit data from its instructions.
Capability inventory: The skill has the ability to execute shell commands and write to the local file system (saving history to the memory/ directory) as seen in SKILL.md.
Sanitization: No sanitization or validation of the commit data is performed before it is processed by the AI.

gstack-openclaw-retro