retrospective

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external, potentially untrusted data from evaluation reports and git logs to influence future agent behavior.
      • Ingestion points: Reads evaluation reports (evaluation-round-*.md), git logs, and MEMORY.md to identify failure patterns.
      • Boundary markers: No explicit delimiters or boundary markers are defined to separate untrusted data from instructions during the analysis process.
      • Capability inventory: The skill has access to Bash(python3:*), Bash(git:*), Write, and Edit tools, allowing it to execute scripts and modify files.
      • Sanitization: The documentation does not specify sanitization or validation routines for data extracted from files before it is used to generate new checklist items.
  • [COMMAND_EXECUTION]: The skill generates executable shell commands and writes them to checklist files based on its analysis of external data.
      • Evidence: The analysis patterns described in references/analysis-patterns.md involve creating Check method entries for checklist items, which are explicitly defined as executable grep or exit-code checks.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform complex repository analysis and system operations.
      • Evidence: The skill's frontmatter grants access to Bash(python3:*), Bash(git:*), and several internal utility scripts (e.g., seed-checklists.sh, post-plan-diff.sh, jsonl-emit.sh) located in the plugin's library directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 05:42 AM