specification-architect

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from external websites during its research phase (Phase 0), which creates an attack surface for instructions embedded in retrieved content.
      1. Ingestion points: Web content retrieved via WebFetch.
      2. Boundary markers: Absent in provided markdown templates.
      3. Capability inventory: Local file system read/write operations and execution of local validation scripts.
      4. Sanitization: None identified in the provided files.
  • External Downloads (LOW): Automated scans reported a malicious URL signature associated with a file named 'requirements.md'. This file is not present in the provided skill package, and all URLs in the provided sample documents point to legitimate documentation sites. This is classified as a low-severity advisory due to the lack of evidence in the provided source code.
  • Command Execution (SAFE): The skill includes 'validate.sh' and 'validate_specifications.py' to verify document consistency. These scripts utilize standard Python libraries and perform only the documented parsing and reporting tasks without malicious side effects.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:32 PM