pmo-retrospective

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external project data.
      • Ingestion points: Gate 2 (Data Collection) and Gate 3 (Reflection) in SKILL.md involve gathering metrics, variance explanations, and session data from external project contexts.
      • Boundary markers: None identified. The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the data being gathered.
      • Capability inventory: The skill performs file-write operations to the docs/pmo/ directory for each gate output.
      • Sanitization: There is no mention of escaping, validation, or filtering of the incoming project data before it is incorporated into the retrospective reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:56 AM