skills/clubmediterranee/ai-core/a11y-audit/Snyk

a11y-audit

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses arbitrary public sitemaps via "WebFetch: GET [sitemap_url]" and then uses browser_navigate/browser_evaluate to visit live pages and inject/run scripts (axe-core from the CDN) and extract DOM content, so it ingests untrusted third‑party web content that can directly influence audit results and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill injects and executes remote JavaScript at runtime from the CDN URL https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.2/axe.min.js (used as the primary axe-core source), which fetches and runs external code the skill relies on for audits.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 13, 2026, 12:32 PM

Issues

2