spec-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (CRITICAL): Automated URLite scanner identified a blacklisted malicious URL associated with the
requirements.mdfile mentioned in the workflow. This represents a confirmed security detection for a harmful remote resource. - [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface through the processing of user requirements. Ingestion points: Untrusted user input enters the workflow during the requirements gathering (Phase 1) and technical design (Phase 2) phases. Boundary markers: The skill utilizes explicit human-in-the-loop confirmation steps at the end of each development phase, which serves as a mitigation checkpoint. Capability inventory: The skill has permissions to write files to the
specs/directory andtasks.md, and it can invoke theinteractiveDialogtool. Sanitization: No sanitization or escaping of user-provided requirement strings is specified before the data is written to the local filesystem.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata