retrospective-codify
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by converting potentially untrusted task history into persistent rules.
- Ingestion points: Processes session data including 'first attempt' failures and 'final solution' successes (Workflow Step 1).
- Boundary markers: Explicitly mandates a user review and confirmation step (Step 6) where the proposed changes are shown as a diff before being written to files.
- Capability inventory: The skill is capable of modifying global and project-level configuration files such as ~/.claude/CLAUDE.md, new skill files in ~/.claude/skills/, and project-specific lint rules.
- Sanitization: The security of the codified insight relies on the agent's summary logic and the final human approval gate.
- [COMMAND_EXECUTION]: Uses local shell commands to search existing configuration for duplicate rules.
- Evidence: Workflow Step 4 utilizes ls and Grep to check ~/.claude/skills/*/SKILL.md and CLAUDE.md files in both the user's home directory and the project root.
Audit Metadata