The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches the axe-core auditing engine from Cloudflare's CDN (cdnjs.cloudflare.com). This is a well-known and trusted source for web libraries.
[COMMAND_EXECUTION]: A setup script (setup.sh) is provided to install necessary Node.js packages and the Playwright browser. These are standard requirements for the skill's operation.
[REMOTE_CODE_EXECUTION]: The skill injects the axe-core script into the browser context to perform its analysis. This is a legitimate and intended use of browser automation for accessibility testing.
[PROMPT_INJECTION]: The skill reads external sitemaps and web page DOM structures. While this presents a surface for indirect prompt injection, the skill's focus on extracting specific technical attributes for reporting rather than interpreting page content as instruction minimizes the risk.

a11y-audit