accessibility
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's operations are strictly aligned with its stated purpose of accessibility auditing. It performs local file reads and writes within the project structure to document findings.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for performing deterministic calculations, such as relative luminance for WCAG contrast ratios, and for file system navigation using Glob and Grep. These actions are scoped to the audit tasks.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill reads content from the codebase, design chunks, and configuration files (config.json, palettes.json, tokens.json) during its audit processes.
  - Boundary markers: None explicitly defined in the instructions, though the skill relies on standard agent behavior for file processing.
  - Capability inventory: The skill has access to Bash, file writing, and the ability to spawn a sub-agent (gsp-accessibility-auditor) to perform deep code/design analysis.
  - Sanitization: No explicit sanitization or filtering of the audited content is mentioned. While this represents a surface for indirect prompt injection (where malicious instructions could be embedded in the code or design files being audited), it is a standard risk for any auditing tool and no exploitation patterns were found.