website-spec

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [SAFE]: The skill is a documentation-only resource consisting of markdown files that define 'The Website Specification.' It contains no executable scripts, binaries, or automated deployment code.
  • [NO_CODE]: No code or runtime dependencies are bundled with this skill. It functions as a structured knowledge base for AI agents to perform website quality audits.
  • [SAFE]: Educational references to security concepts, such as homoglyph-based domain spoofing (homograph attacks) in the Internationalisation section, are documented with pedagogical examples (e.g., 'paypal' using Cyrillic characters). These are benign in context.
  • [SAFE]: Indirect Prompt Injection Surface. The auditing workflows involve fetching and analyzing content from untrusted external URLs.
  • Ingestion points: External URLs provided by the user for website auditing (SKILL.md).
  • Boundary markers: Not explicitly defined in the skill instructions.
  • Capability inventory: Instructions to use curl and browser inspection tools for verification steps (SKILL.md).
  • Sanitization: The skill relies on the agent's default processing safety when interacting with external site data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:25 AM
Security Audit — agent-trust-hub — website-spec