retro
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools such as `git`, `grep`, and `wc` to extract quantitative metrics from the local repository (e.g., commit counts, files changed). These commands are used as intended for project analysis.
- [DATA_EXFILTRATION]: The skill reads project-specific artifacts (e.g., `INTAKE.md`, `PLAN.md`) to pre-populate the retrospective context. This data ingestion is restricted to the local filesystem, with no network-based exfiltration paths detected.
- [PROMPT_INJECTION]: The skill ingests untrusted data from project files, which presents a surface for indirect prompt injection. However, the potential impact is low because the skill's capabilities are restricted to local file operations and reporting, and it explicitly mandates human review for its 'Skill Patch' feature. Evidence: Ingestion points include `INTAKE.md`, `PLAN.md`, `BUILD-LOG.md`, `REVIEW.md`, and `LESSONS.md` (found in SKILL.md and references/SHARED-PREAMBLE.md); boundary markers are absent; capabilities include git commands and local file writing; sanitization is not explicitly defined.
Audit Metadata