session-retro

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill includes a mandatory 'Approval gate' (Step 2) that requires the user to explicitly approve every proposal using a multi-choice tool before the agent can apply any changes.
  • [SAFE]: File modifications are restricted to standard project directories for documentation and agent configuration, such as '.agents/skills/' and 'docs/knowledge-base/', ensuring changes are scoped correctly.
  • [COMMAND_EXECUTION]: The agent is instructed to run a repository verification policy and report the results in Step 4, which is a standard procedure to ensure system integrity after updates.
  • [PROMPT_INJECTION]: The skill processes full conversation history to identify improvements, creating a surface for indirect prompt injection.
    • Ingestion points: Full conversation context (SKILL.md).
    • Boundary markers: Absent for ingestion phase.
    • Capability inventory: Modifies agent behavior rules in 'AGENTS.md' and skills in '.agents/skills/'.
    • Sanitization: Mitigated by the mandatory human-in-the-loop approval step (Step 2).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 07:12 AM