specstory-sync

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE [DATA_EXFILTRATION] [COMMAND_EXECUTION]
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the ~/.claude/projects/ directory to read session history JSONL files. While this data contains sensitive conversation logs, the script processes it entirely on the local machine to generate backups within the project's .specstory/history/ directory. No network exfiltration or external data exposure mechanisms were found.
  • [COMMAND_EXECUTION]: The skill modifies the agent's platform configuration file (.claude/settings.json) to register a Stop event hook. This hook is designed to automatically execute a local Python script (sync_to_spec.py) whenever the agent finishes a response. While this involves automated execution, the commands are directed at local project-specific scripts.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. All scripts are provided within the skill package, and no instructions point to downloading or running code from third-party remote servers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 01:45 AM