retro
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands, including
git log,git fetch,grep,sort,uniq, andsed, to extract and transform repository data for analysis. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as the skill ingests raw git commit messages into the agent's context. A malicious user could influence the agent's interpretation by including instructions in commit logs.
- Ingestion points: Commits are read via
git logand used to build the final narrative. - Boundary markers: None used to separate commit text from agent instructions.
- Capability inventory: The skill has read/write access to the
.context/retros/directory and can execute git commands. - Sanitization: None performed on commit subjects or messages.
- [DATA_EXFILTRATION]: Accesses local repository files such as
AGENTS.md,TODO.md, and previous retrospective JSON snapshots in.context/retros/to provide context and trend analysis.
Audit Metadata