raweb-audit

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local helper scripts (raweb-lookup.sh, raweb-component-lookup.sh) to retrieve specific accessibility criteria, testing methodologies, and ARIA component specifications.
  • [COMMAND_EXECUTION]: Utilizes shell utilities like grep to perform automated analysis of user-provided code files, scanning for common accessibility anti-patterns such as missing alt text or incorrect tabindex usage.
  • [DYNAMIC_CONTEXT_INJECTION]: Employs the !command syntax to execute a local script at load time, populating the skill's context with a list of relevant accessibility topics for the agent to reference.
  • [PROMPT_INJECTION]: Presents a standard surface for indirect prompt injection because the skill's primary function is to ingest and audit untrusted source code provided by the user.
    • Ingestion points: Reads code files using Grep and Read tools for audit purposes.
    • Boundary markers: None specified in the instructions to separate audited code content from the agent's logic.
    • Capability inventory: Access to file reading, shell command execution, and local script lookups.
    • Sanitization: Does not define specific sanitization or escaping protocols for audited content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 10:56 PM