project-retrospective

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Spawns parallel background sub-agents using the Agent tool to process large session history files independently.
  • [SAFE]: Reads platform session exports from ~/.claude/exports/ and writes generated reports to docs/retros/. This file system access is directly tied to the skill's primary purpose of analyzing and documenting project history.
  • [PROMPT_INJECTION]: As the skill ingests and processes session logs containing user messages and past agent responses, it contains a surface for indirect prompt injection. The use of a strict extraction template for sub-agents serves as a mitigation factor.
  • Ingestion points: Session export text files in ~/.claude/exports/{project-name}/ (SKILL.md).
  • Boundary markers: Absent; the sub-agent prompt does not use delimiters to isolate log content from instructions.
  • Capability inventory: Sub-agent creation via Agent tool, and file system writes to docs/retros/ and MEMORY.md (SKILL.md).
  • Sanitization: Absent; the skill extracts data directly from logs without filtering (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:20 AM
Security Audit — agent-trust-hub — project-retrospective