vp-retro
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists exclusively of instructional Markdown and configuration files. It contains no executable scripts, binaries, or external code dependencies.
- [COMMAND_EXECUTION]: The skill instructions include strict negative constraints, explicitly stating that the agent must not execute commands, commit code, or modify any files based on the retrospective findings.
- [DATA_EXFILTRATION]: No network exfiltration or unauthorized file access patterns were detected. The skill includes a 'risk-reviewer' dimension which is a defensive measure to help users detect accidental secret exposure in their session history.
- [PROMPT_INJECTION]: The skill processes untrusted data from session history, which constitutes an indirect prompt injection surface. However, the lack of dangerous capabilities (write/execute) mitigates the potential impact.
- Ingestion points: Session conversation history is ingested during the 'Observation' phase in SKILL.md.
- Boundary markers: No specific boundary markers or delimiters are defined to isolate the session content.
- Capability inventory: The skill is restricted to reading repository files and documentation as outlined in the subagent-guide.md, while write and execute permissions are explicitly denied.
- Sanitization: No explicit sanitization or filtering logic for session data is provided.
Audit Metadata