money-retro

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from local session snapshots, learnings logs, and telemetry files, creating a potential surface for indirect prompt injection. An attacker able to modify these local files could attempt to inject instructions that the agent might follow during the retrospective process.
    • Ingestion points: file reads from ~/.smtm/sessions/, ~/.smtm/projects/{slug}/learnings.jsonl, and ~/.smtm/analytics/skill-usage.jsonl.
    • Boundary markers: none present to distinguish data from instructions.
    • Capability inventory: the skill reads session and analytics data and writes output files to ~/.smtm/projects/{slug}/retros/.
    • Sanitization: no explicit validation or sanitization of file content is mentioned.
  • [NO_CODE]: The skill consists entirely of markdown instructions for the AI agent and does not include any Python scripts, Node.js code, or shell commands, which significantly reduces the risk of direct malicious execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 05:47 PM