skills/openaec-foundation/frontend-design-claude-skill-package/frontend-agents-a11y-perf-consistency-auditor/Gen Agent Trust Hub
frontend-agents-a11y-perf-consistency-auditor
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's instructions and reference files are consistent with its stated purpose of auditing UI components and project files. No obfuscation, data exfiltration, or persistence mechanisms were detected.
- [COMMAND_EXECUTION]: In references/methods.md and references/anti-patterns.md, the skill documentation includes example commands for running local validator scripts using absolute paths (e.g., /home/freek/GitHub/Skill-Package-Workflow-Template/scripts/validate-line-count.js). These are informative examples for the user rather than malicious instructions for the agent.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to read and analyze untrusted project files (*.html, *.js, *.ts, *.css, *.md).
- Ingestion points: Files are loaded via the 'Read source materially' instruction in SKILL.md.
- Boundary markers: The instructions do not define specific delimiters or warnings for the agent when processing this untrusted content.
- Capability inventory: The skill is limited to reading files and generating audit reports; it does not instruct the agent to execute the code it analyzes.
- Sanitization: No specific sanitization or filtering of the ingested content is mentioned.
Audit Metadata