website-spec
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is a documentation-only resource consisting of markdown files that define 'The Website Specification.' It contains no executable scripts, binaries, or automated deployment code.
- [NO_CODE]: No code or runtime dependencies are bundled with this skill. It functions as a structured knowledge base for AI agents to perform website quality audits.
- [SAFE]: Educational references to security concepts, such as homoglyph-based domain spoofing (homograph attacks) in the Internationalisation section, are documented with pedagogical examples (e.g., 'paypal' using Cyrillic characters). These are benign in context.
- [SAFE]: Indirect Prompt Injection Surface. The auditing workflows involve fetching and analyzing content from untrusted external URLs.
- Ingestion points: External URLs provided by the user for website auditing (SKILL.md).
- Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: Instructions to use
curland browser inspection tools for verification steps (SKILL.md). - Sanitization: The skill relies on the agent's default processing safety when interacting with external site data.
Audit Metadata