retro-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes potentially attacker-influenced data (error logs, conversation history, terminal logs) to generate updates for workspace configuration files.
  • Ingestion points: Error logs, Git diffs, conversation history, and terminal history (SKILL.md).
  • Boundary markers: None specified in the instructions to separate data from instructions.
  • Capability inventory: Ability to modify .github/**, AGENTS.md, and repository scripts/tasks (SKILL.md).
  • Sanitization: A 'Scope Gate' is defined to exclude secrets, personal information, and environment-specific values (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:18 PM
Security Audit — agent-trust-hub — retro-workspace