retro
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard utilities including
ls,rg(ripgrep), andjqto locate and parse JSONL log files. These commands are used as intended for local data analysis within the user's home directory (~/.pi/). - [DATA_EXPOSURE]: The skill accesses session logs in
~/.pi/agent/sessions/and orchestration metadata in the current project directory. These files contain history of tool executions and agent messages. The analysis is performed locally, and results are written to the project's documentation folder (docs/retros/). No data is transmitted externally. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill processes
*.jsonlfiles from~/.pi/agent/sessions/and.orchestration-logs/, which contain outputs from previous agent interactions and external tools. - Boundary markers: There are no explicit delimiters used when the agent reads and summarizes these logs.
- Capability inventory: The skill has the capability to execute shell commands (
ls,rg,jq) and write new documentation files. - Sanitization: No content filtering is applied to the logs before they are analyzed for the retrospective.
- This creates a surface where malicious content previously ingested by the agent and stored in its logs could influence the content of the generated retrospective or action plan. However, the skill includes a guardrail requiring user confirmation before applying any suggested document changes.
Audit Metadata