Skills
skills/teambrilliant/tap-skills/retrospective/Gen Agent Trust Hub

retrospective

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git log and gh CLI commands to gather evidence from the repository's history and management tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external data sources like PR review comments and commit messages which could contain malicious instructions.
  • Ingestion points: Git logs, GitHub PR/issue lists, PR review comments, and CI logs as specified in SKILL.md.
  • Boundary markers: No specific delimiters or instruction-ignore warnings are defined for the ingested data.
  • Capability inventory: Uses gh issue create to generate improvement tickets and appends data to .tap/learnings.md.
  • Sanitization: The skill lacks explicit sanitization or validation logic for the content it reads from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 11:09 AM