Skills
skills/gsmlg-dev/code-agent/a11y-debugging/Gen Agent Trust Hub

a11y-debugging

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a Node.js one-liner via the shell (node -e) to filter and extract failure data from locally stored Lighthouse JSON reports.
  • [EXTERNAL_DOWNLOADS]: Fetches accessibility documentation and guidelines from the web.dev service in markdown format. This utilizes a well-known service for documentation purposes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the accessibility tree and browser console of external websites while possessing capabilities like shell command execution and browser script injection.
  • Ingestion points: Data enters the agent's context through the take_snapshot and list_console_messages tools as described in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore potential commands within the audited content are present.
  • Capability inventory: The skill allows the agent to execute Node.js commands, run browser-side JavaScript via evaluate_script, and perform UI interactions.
  • Sanitization: There is no evidence of sanitization or structural validation for the ingested accessibility tree or console data before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 06:32 AM
Security Audit — agent-trust-hub — a11y-debugging