retro
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash shell commands to calculate metrics, including git, grep, and wc. It also executes dynamically determined 'project-specific' build and test commands, which could be exploited to run arbitrary code if the repository being analyzed contains malicious configurations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it explicitly directs the agent to locate a 'LESSONS.md' file and 'apply those project-specific lessons' alongside its own internal rules.
- Ingestion points: Project artifacts including LESSONS.md, INTAKE.md, PLAN.md, BUILD-LOG.md, and REVIEW.md.
- Boundary markers: There are no delimiters or protective instructions used to separate the content of these external files from the agent's core instructions.
- Capability inventory: The skill is granted extensive capabilities including shell access (Bash) and file manipulation tools (Read, Write, Edit, Glob, Grep).
- Sanitization: Content read from project artifacts is used directly without sanitization or validation to influence the retrospective report and the agent's subsequent reasoning.
Audit Metadata