accessibility-fix
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill identifies and fetches external HTML, CSS, and plain content variants from URLs provided by the user to perform a WCAG 2.1 AA audit.
- [COMMAND_EXECUTION]: The instructions suggest using the
curltool to retrieve raw HTML content. This is recommended to ensure that essential accessibility attributes likearia-*,alt, androleare preserved for analysis, as markdown conversion tools might strip them. - [PROMPT_INJECTION]: The skill processes untrusted external data from the web, which presents an indirect prompt injection surface. The analysis of this risk is as follows:
- Ingestion points: External URLs provided by the user, specifically the main page and associated navigation/footer components (SKILL.md).
- Boundary markers: The instructions contain a dedicated 'External Content Safety' section requiring the agent to only fetch user-provided URLs and treat all data as untrusted.
- Capability inventory: The agent uses fetching tools (like
curl) and parsing logic to evaluate HTML elements and CSS variables. - Sanitization: The skill explicitly forbids the execution of scripts or interpretation of dynamic content within the fetched data, mitigating the risk of malicious code execution during the audit.
Audit Metadata