specstory-session-summary
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands, including
ls,grep, andtail, to list and extract content from local session history files. These operations are restricted to reading files within the.specstory/history/directory. - [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes untrusted data from session history files (
.specstory/history/*.md). Adversarial content within these files could attempt to influence the agent's summary output. - Ingestion points: Markdown history files located in the
.specstory/history/directory (SKILL.md). - Boundary markers: The skill instructions specify using
_**User**_and_**Assistant**_markers to identify message blocks (SKILL.md, session-parsing.md). - Capability inventory: Use of shell commands
ls,grep, andtailfor file discovery and reading (SKILL.md). - Sanitization: The instructions do not define specific sanitization or filtering logic for the content extracted from the history files before it is processed by the LLM.
Audit Metadata