specstory-session-summary
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses standard Unix utilities including ls, grep, tail, and head to process local files. These commands are confined to the .specstory/history directory and are used solely for content discovery and extraction.
- DATA_EXPOSURE (SAFE): The skill accesses application-specific history logs created by the user's coding sessions. It does not access sensitive system paths (like .ssh or .aws) and contains no network capabilities to exfiltrate data.
- PROMPT_INJECTION (SAFE): Analysis of the instructions shows no attempts to bypass safety filters, extract system prompts, or utilize role-play (DAN) injection techniques.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill processes potentially untrusted data from history files for summarization.
  - Ingestion points: Reads files located in .specstory/history/*.md.
  - Boundary markers: No explicit delimiters are used in the prompt logic for the read content.
  - Capability inventory: ls, grep, tail, head (read-only local operations).
  - Sanitization: None; the agent directly interprets text for summarization.
  - Risk Assessment: The risk is negligible as the skill performs a localized summarization task for the user without making external calls or executing logic found within the files.
Audit Metadata