accessibility-compliance

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes a Python script for accessibility audits that fetches the axe-core library from Cloudflare's public CDN (cdnjs.cloudflare.com). This is a standard and legitimate practice for incorporating established auditing tools into web automation workflows.
  • [PROMPT_INJECTION]: The generate_alt_text_prompt function creates prompts by interpolating external variables like headline and caption directly into a template. This lacks sanitization or boundary markers, creating a surface for indirect prompt injection where malicious content in a processed news story could attempt to influence the AI's output.
      • Ingestion points: headline and caption context variables in the Python helper within SKILL.md.
      • Boundary markers: No delimiters or isolation instructions are used for the untrusted data.
      • Capability inventory: The skill provides read-only auditing and prompt generation logic, with no direct file-writing or system-level capabilities.
      • Sanitization: External strings are used verbatim without escaping or verification.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 01:25 AM