post-mortems-retrospectives
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill instructions focus on leadership and project management rituals. No attempts to override system prompts or bypass AI safety filters were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths (e.g., .ssh, .aws) are present. The skill does not perform any network requests.
- Remote Code Execution (SAFE): The skill consists entirely of Markdown text and contains no scripts (Python, Node.js, etc.) or commands to download/execute remote content.
- Indirect Prompt Injection (LOW): The skill is designed to process untrusted external data such as incident tickets, logs, and dashboard links.
- Ingestion points:
SKILL.md(Evidence available section) andINTAKE.md(Evidence inventory section). - Boundary markers: Delimiters for external data are not explicitly defined in the workflow.
- Capability inventory: The skill itself has no code-based capabilities (subprocess, eval, file-write, network) to be exploited.
- Sanitization: No specific sanitization or escaping of external content is mandated, though the skill explicitly advises against requesting secrets or personal data.
Audit Metadata