skills/jander99/skills/retro/Gen Agent Trust Hub

retro

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several local bash scripts to automate the retrospective workflow, including lesson retrieval and formatting.
    • Evidence: scripts/retro-lessons.sh performs text manipulation and file management operations using standard utilities like grep, sed, and cat.
  • [PROMPT_INJECTION]: The skill provides snippets to be added to instruction-bearing files like AGENTS.md and .cursorrules to modify agent behavior and ensure the retrospective tool runs automatically.
    • Evidence: references/auto-trigger.md contains an 'Auto-Retro Rule' intended to persist agent instructions across sessions.
    • Ingestion points: ~/.agents/lessons/LESSONS.md (read by scripts/retro-lessons.sh in the inject subcommand).
    • Boundary markers: Lessons are enclosed in ## Relevant Lessons blocks and tagged with <!-- lessons-injected: ... --> HTML comments.
    • Capability inventory: The skill is capable of executing shell scripts and modifying local configuration files based on the content of its logs.
    • Sanitization: Lesson content is extracted and placed into the context without specific escaping, which could allow instructions in the logs to be interpreted by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 08:34 PM