Security Audit
specstory-session-summary
github.com/specstoryai/agent-skillsTrust Assessment
specstory-session-summary received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Unsanitized file paths in shell commands.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The llm_behavioral_safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 9454d3f2). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsanitized file paths in shell commands The skill explicitly instructs the LLM to execute shell commands (`grep`, `tail`) using file paths. These file paths are derived from the output of an `ls` command (`ls -t .specstory/history/*.md`). If the filenames returned by `ls` contain shell metacharacters or path traversal sequences (e.g., `foo; rm -rf /; .md`), and these are directly interpolated into the shell commands without proper quoting or sanitization, it could lead to arbitrary command injection. This allows an attacker to execute arbitrary commands on the host system by creating specially named files in the `.specstory/history` directory. Ensure all file paths passed to shell commands are properly quoted (e.g., using `printf %q` in Bash) or sanitized to prevent shell metacharacter interpretation. The LLM execution environment should ideally handle this automatically or provide a safe API for file operations that do not involve direct shell interpolation of untrusted strings. | Unknown | SKILL.md:30 | |
| HIGH | Unsanitized file paths in shell commands The skill explicitly instructs the LLM to execute shell commands (`grep`, `tail`) using file paths. These file paths are derived from the output of an `ls` command (`ls -t .specstory/history/*.md`). If the filenames returned by `ls` contain shell metacharacters or path traversal sequences (e.g., `foo; rm -rf /; .md`), and these are directly interpolated into the shell commands without proper quoting or sanitization, it could lead to arbitrary command injection. This allows an attacker to execute arbitrary commands on the host system by creating specially named files in the `.specstory/history` directory. Ensure all file paths passed to shell commands are properly quoted (e.g., using `printf %q` in Bash) or sanitized to prevent shell metacharacter interpretation. The LLM execution environment should ideally handle this automatically or provide a safe API for file operations that do not involve direct shell interpolation of untrusted strings. | Unknown | SKILL.md:40 | |
| HIGH | Unsanitized file paths in shell commands The skill explicitly instructs the LLM to execute shell commands (`grep`, `tail`) using file paths. These file paths are derived from the output of an `ls` command (`ls -t .specstory/history/*.md`). If the filenames returned by `ls` contain shell metacharacters or path traversal sequences (e.g., `foo; rm -rf /; .md`), and these are directly interpolated into the shell commands without proper quoting or sanitization, it could lead to arbitrary command injection. This allows an attacker to execute arbitrary commands on the host system by creating specially named files in the `.specstory/history` directory. Ensure all file paths passed to shell commands are properly quoted (e.g., using `printf %q` in Bash) or sanitized to prevent shell metacharacter interpretation. The LLM execution environment should ideally handle this automatically or provide a safe API for file operations that do not involve direct shell interpolation of untrusted strings. | Unknown | SKILL.md:45 |
Scan History
Embed Code
[](https://skillshield.io/report/6af0d6be39ecd223)
Powered by SkillShield