Skills
skills/jubscodes/get-shit-pretty/gsp-accessibility-audit/Gen Agent Trust Hub

gsp-accessibility-audit

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the local project and passes it to an agent with broad capabilities.
  • Ingestion points: The skill reads design chunks and codebase files from the project directory in Steps 3 and 4.
  • Boundary markers: There are no delimiters or specific instructions to the sub-agent to ignore embedded commands within the audited files.
  • Capability inventory: The agent environment allows the use of Bash, Write, Edit, Grep, Glob, and Agent tools, which could be misused if a malicious file overrides agent behavior.
  • Sanitization: The skill does not sanitize or validate the content of the design or code files before they are interpreted by the agent.
  • Mitigations: The skill instructions require the use of AskUserQuestion for all user interactions, which ensures a level of human-in-the-loop oversight for agent decisions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 04:01 AM