skills/jamditis/claude-skills-journalism/accessibility-compliance/Snyk

accessibility-compliance

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The "Testing tools" section defines run_accessibility_audit(url: str) which uses Playwright to page.goto(url) and injects axe-core from a CDN, ingesting and returning violations and HTML nodes from arbitrary public webpages that the agent would read and act on, so untrusted third‑party content can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The run_accessibility_audit function injects and executes remote JavaScript at runtime via page.add_script_tag(url='https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.7.2/axe.min.js'), so the skill fetches and runs external code that the audit depends on.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 11, 2026, 01:24 AM

Issues

2