accessibility

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of auditing untrusted HTML provided by the user.
      • Ingestion points: Multiple prompt templates in SKILL.md (e.g., 'Check this HTML snippet', 'Audit the following page content') invite the input of external data into the agent's context.
      • Boundary markers: The templates use basic placeholders like [paste HTML here] but lack explicit delimiters or instructions to ignore potentially embedded malicious commands within the HTML data.
      • Capability inventory: The skill possesses no internal executable scripts, file-system writing capabilities, or network-enabled tool configurations, which significantly limits the potential impact of an injection.
      • Sanitization: There are no instructions for the agent to sanitize or filter the provided HTML content before analysis.
  • [PROMPT_INJECTION]: The file skill-report.json contains self-referential safety claims and audit summaries (e.g., 'Verdict: SAFE', 'is_blocked: false') intended to influence security evaluators. This represents a targeted attempt at indirect prompt injection against the analysis environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 11:10 AM