retro
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it processes potentially untrusted data to influence future agent behavior.
  - Ingestion points: Data is ingested from session transcripts (via `session_read` in OpenCode or context reconstruction), `LESSONS.md` files (global and project-local), and existing project configuration files like `AGENTS.md`.
  - Boundary markers: Injected lessons are delimited using markdown headers (`## Relevant Lessons`) and specific HTML comment markers (`<!-- lessons-injected: ... -->`).
  - Capability inventory: The skill possesses capabilities for bash execution (`scripts/retro-lessons.sh`), file system writes (modifying lessons and project configuration files), and git operations (staging and committing changes).
  - Sanitization: Sanitization of ingested data is minimal, though the Cline hook includes basic quote escaping for the JSON payload. The system relies primarily on boundary markers rather than robust input filtering.
Audit Metadata