retro-workspace
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes potentially attacker-influenced data (error logs, conversation history, terminal logs) to generate updates for workspace configuration files.
- Ingestion points: Error logs, Git diffs, conversation history, and terminal history (SKILL.md).
- Boundary markers: None specified in the instructions to separate data from instructions.
- Capability inventory: Ability to modify .github/**, AGENTS.md, and repository scripts/tasks (SKILL.md).
- Sanitization: A 'Scope Gate' is defined to exclude secrets, personal information, and environment-specific values (SKILL.md).
Audit Metadata