Problem
Sensei v1.2.0+ includes a spec-security check that validates:
- No XML angle brackets (< >) in frontmatter values (injection risk)
- Skill name does not use reserved prefixes (claude-, anthropic-)
Waza has no equivalent check.
Expected Behavior
Add a SpecSecurityChecker to internal/checks/ that:
- Flags XML angle brackets in frontmatter description and other string fields
- Flags skill names starting with claude- or anthropic- (reserved per Anthropic guide p31)
- Returns StatusWarning for violations
References
- spboyer/sensei references/scoring.md — spec-security check definition
- Anthropic Complete Guide to Building Skills, p31
Acceptance Criteria
- SpecSecurityChecker in internal/checks/
- < > in frontmatter
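A sketch of the two rules described under Expected Behavior, added here as an illustration and not taken from Waza or Sensei. Only StatusWarning and the reserved prefixes come from the issue; StatusOK, Finding, CheckSpecSecurity, the flat key: value parsing and the case-insensitive prefix match are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// StatusWarning is named in the issue; every other name here is hypothetical.
const StatusOK, StatusWarning = "ok", "warning"

type Finding struct{ Field, Message string }

// CheckSpecSecurity scans flat "key: value" frontmatter between the first two
// "---" markers. Simplification: real code would use a YAML parser.
func CheckSpecSecurity(doc string) (string, []Finding) {
	parts := strings.SplitN(doc, "---", 3)
	if len(parts) < 3 {
		return StatusOK, nil // no frontmatter to inspect
	}
	var out []Finding
	for _, line := range strings.Split(parts[1], "\n") {
		key, val, ok := strings.Cut(line, ":")
		key, val = strings.TrimSpace(key), strings.TrimSpace(val)
		if ok && strings.ContainsAny(val, "<>") {
			out = append(out, Finding{key, "XML angle bracket in value"})
		}
		if !ok || key != "name" {
			continue
		}
		// Assumption: strip quotes and match case-insensitively.
		name := strings.ToLower(strings.Trim(val, `"'`))
		for _, p := range []string{"claude-", "anthropic-"} {
			if strings.HasPrefix(name, p) {
				out = append(out, Finding{key, "reserved prefix " + p})
			}
		}
	}
	if len(out) > 0 {
		return StatusWarning, out
	}
	return StatusOK, nil
}

func main() {
	// Constructed sample input; the body after the second "---" is not checked.
	doc := "---\nname: claude-helper\ndescription: Formats <b>text</b>\n---\n# Body <ok>\n"
	fmt.Println(CheckSpecSecurity(doc))
}
```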