specstory-yak
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses `subprocess.run` with a list-based argument structure to execute `git blame`. This follows security best practices by avoiding shell invocation and preventing command injection vulnerabilities.
- [DATA_EXFILTRATION] (SAFE): The skill processes markdown files from the local `.specstory/history` directory. All data handling is performed locally, and no network-capable libraries or external communication commands were found.
- [PROMPT_INJECTION] (LOW): The skill ingests untrusted data from previous chat sessions. Since the output is intended to be summarized by an LLM, it presents an indirect prompt injection surface.
  - Ingestion points: markdown files located in `.specstory/history` (processed in scripts/analyze.py)
  - Boundary markers: None (the report is output as raw text/markdown)
  - Capability inventory: `subprocess.run` (git), local file system read/write
  - Sanitization: None (message content is truncated for the report but not escaped)
Audit Metadata