specstory-link-trail
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill performs local file parsing and reporting as described in its documentation.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute its own Python scripts. This usage is restricted to the skill's directory and project history files, serving the intended purpose of data processing and report generation. - [PROMPT_INJECTION]: The skill parses untrusted data from session history files (e.g., content fetched from the web). It incorporates basic sanitization by escaping markdown table delimiters to prevent structural breakage of the generated report. Because the skill has no network or shell execution capabilities, the risk of indirect prompt injection is minimal.
- [DATA_EXFILTRATION]: While the skill reads local session history files, it does not contain any network-facing code (e.g., curl, wget, or requests) to send this data externally. All output is directed to stdout for the user to review.
Audit Metadata