project-retrospective
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious commands or safety violations were detected in the skill instructions or metadata.
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to suggest installing an external tool from 'github:mindverse/skillhub' using the platform's '/install' command. This is a legitimate feature for skill discovery and discovery-based workflows.
- [PROMPT_INJECTION]: The skill processes external data provided by the user (sprint metrics, incident timelines, and feedback), which represents a surface for indirect prompt injection. The risk is assessed as negligible because the skill lacks the ability to execute system commands, access the network, or write to the file system.
- Ingestion points: User-provided inputs collected during 'Step 2: 信息收集' (Information collection).
- Boundary markers: None identified; user data is directly interpolated into Markdown templates.
- Capability inventory: Limited to text processing; no 'allowed-tools' are requested in the frontmatter, and no high-privilege subprocess or network operations are present.
- Sanitization: None detected.
Audit Metadata