specstory-link-trail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill parses session history and extracts "URLs" and "context" from WebFetch calls and instructs the assistant to present the raw report, which can cause any embedded secrets (tokens in headers or query strings, cookies, API keys) stored in the history to be output verbatim—there is no instruction to redact or avoid exposing secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses local SpecStory history files (".specstory/history" per SKILL.md) using parse_webfetch.py and extract_urls_context.py to ingest WebFetch tool results and extracted URLs (including content from public sites like stackoverflow.com, docs.python.org, github.com shown in the docs), so untrusted third‑party page content is read and summarized as part of its workflow and could influence follow-up actions.