retrospective
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Employs dynamic context injection in the YAML frontmatter to execute git log. This is a benign operation used to gather necessary metadata for the retrospective.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted data from the git history and codebase search results.
  - Ingestion points: git log output and technical debt markers found via Grep across the codebase.
  - Boundary markers: Absent; no specific instructions are provided to ignore potentially malicious instructions within the commit messages or code comments.
  - Capability inventory: The skill is permitted to use Read, Glob, Grep, and Write tools to interact with the local filesystem.
  - Sanitization: No explicit sanitization or validation of input data is defined in the instructions.
Audit Metadata