retro
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing untrusted data from git logs.
- Ingestion points: Commit messages and author names are retrieved via
git logcommands inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are provided when the data is interpolated into the narrative generation prompt.
- Capability inventory: The skill has permissions to execute
Bashcommands andWritefiles to the.context/retros/directory as defined inSKILL.md. - Sanitization: There is no sanitization, escaping, or validation of the commit history data before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: Synchronizes the local repository with the remote server using
git fetch origin mainto ensure analysis is performed on the most recent commit history.
Audit Metadata