specstory-yak
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes `git blame` via `subprocess.run` in `scripts/lib/utils.py` to identify the creator of session history files. This execution is restricted to the local filesystem and specific project files.
- [PROMPT_INJECTION]: The skill processes untrusted text from `.specstory/history` markdown files, creating a surface for indirect prompt injection.
  - Ingestion points: Session messages are extracted from markdown files in `scripts/lib/parser.py`.
  - Boundary markers: None identified; the parsing logic does not isolate message content with delimiters.
  - Capability inventory: The skill performs file reads and executes the `git` command.
  - Sanitization: No content sanitization is applied to the extracted text before it is summarized by the LLM.
- [EXTERNAL_DOWNLOADS]: Installation instructions in `scripts/lib/utils.py` point to the official SpecStory GitHub repository and documentation, which are trusted sources for this specific utility.
Audit Metadata