retro
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (MEDIUM): The skill instructs the agent to run
python3 ~/.dotfiles/claude.symlink/skills/retro/extract_conversation.py.\n - The script's content is missing from the skill definition, preventing verification of its safety or behavior.\n
- The use of a hardcoded path in the user's home directory (~/.dotfiles) is a risk if the environment is not strictly controlled.\n- Indirect Prompt Injection (LOW): The skill processes untrusted historical session data.\n
- Ingestion points: Session JSONL files processed via the extraction script.\n
- Boundary markers: Absent. There are no instructions to the agent to disregard instructions found within the extracted text.\n
- Capability inventory: The agent executes shell commands and generates analysis reports based on ingested content.\n
- Sanitization: While the script claims to filter tool outputs, it retains text blocks which may contain malicious instructions intended to influence the retrospective report or subsequent agent actions.
Audit Metadata