skill-retro
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Node.js script (
preprocess.mjs) to clean session logs and uses thermcommand to delete temporary transcript files. These operations are restricted to internal Claude Code data directories.- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface by processing session transcripts that could contain malicious instructions designed to influence the analysis sub-agent.\n - Ingestion points: Session log files (JSONL) located in
~/.claude/projects/, which are processed byscripts/preprocess.mjs.\n - Boundary markers: None; the
references/analysis-prompt.mddoes not define specific delimiters or instructions for the sub-agent to ignore embedded commands within the transcript.\n - Capability inventory: The skill can modify other skills' source code via the
skill-creatorsub-agent and delete local files usingrm.\n - Sanitization: The preprocessing script removes system-reminder tags but lacks sanitization for potential prompt injection payloads within the user or assistant messages.- [SAFE]: The skill's access to session data and its ability to modify code are consistent with its primary purpose as a development and optimization tool. All significant actions, including path resolution and code implementation, require explicit user approval, providing a robust defense against automated exploitation.
Audit Metadata