validate-spec
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Tags: PROMPT_INJECTION, NO_CODE
Full Analysis
- Metadata Poisoning (MEDIUM): The skill metadata references a future model version ('claude-opus-4-5-20251101') that does not currently exist. This is a deceptive practice that can misrepresent the capabilities and testing status of the skill.
- Indirect Prompt Injection (MEDIUM): The skill functions as an analyzer of untrusted external content (specs and code). Because its output is used for critical project approval steps, it is vulnerable to attackers embedding instructions in those files to bypass validation checks.
  - Ingestion points: Accesses specification files and source code referenced in the spec via Read and Grep tools.
  - Boundary markers: No delimiters or safety instructions are defined to separate the untrusted file content from the agent's analysis instructions.
  - Capability inventory: Utilizes Read, Glob, and Grep. While read-only, these tools feed into decision-making processes regarding 'Ready for approval' and 'Implementation compliance'.
  - Sanitization: There is no logic to sanitize or filter the content of the analyzed files for embedded instructions.
- NO_CODE (INFO): The skill contains no executable scripts (Python/JavaScript), only markdown instructions and YAML metadata, which limits the potential for direct code-based attacks.
Audit Metadata