specstory-yak

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/lib/utils.py uses subprocess.run to execute the git blame command for identifying the author of history files. The command is invoked safely using a list of arguments without a shell, minimizing the risk of shell injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted content from .specstory/history/*.md files (the ingestion point) and passes this data to the LLM for mandatory summarization as directed in SKILL.md. There are no boundary markers and no explicit instructions to ignore embedded commands. The capability inventory includes local command execution (git) and file system writes. No sanitization or validation of the history content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 03:25 AM