retrospect-session

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by automating the extraction of untrusted session data into project-level instruction files (AGENTS.md and CLAUDE.md).
      ◦ Ingestion points: The skill reviews the current session history and reads existing rule files within 'docs/rules/'.
      ◦ Boundary markers: Absent. There are no requirements to use delimiters or 'ignore embedded instructions' warnings when writing the extracted rules.
      ◦ Capability inventory: The skill has 'Write' and 'Edit' access to project-level system instructions ('AGENTS.md', 'CLAUDE.md'), which govern agent behavior in future sessions.
      ◦ Sanitization: Absent. The skill does not explicitly perform sanitization or validation of the session history before incorporating it into the rules.
  • [COMMAND_EXECUTION]: The skill requests standard file management permissions (Read, Write, Edit, Glob, Grep) to maintain project documentation.
      ◦ The tools are used exclusively for reading and writing files in the 'docs/rules/' directory and the project root.
      ◦ Operations are consistent with the skill's stated purpose of documentation and rule indexing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 04:04 PM