a11y-audit
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In scripts/scan.js, the skill installs missing dependencies by running shell commands through execSync. The browser argument is interpolated directly into the command string without validation or escaping, so a crafted value (for example one containing shell metacharacters such as `;` or `$(...)`) can append arbitrary commands to what the shell runs.
- [EXTERNAL_DOWNLOADS]: The skill automatically installs dependencies such as axe-core and puppeteer from the NPM registry if they are not found. This is managed by the ensureDependency function in scripts/scan.js.
- [REMOTE_CODE_EXECUTION]: The script scripts/scan.js uses dynamic imports via import() with paths constructed at runtime to load browser automation modules. It also injects the axe-core source code into the browser context using page.evaluate().
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted project data.
  - Ingestion points: scripts/discover.js fetches HTML content and sitemaps from the project's runtime URL.
  - Boundary markers: Absent; the skill does not use delimiters to prevent the agent from following directions embedded in the crawled content.
  - Capability inventory: scripts/scan.js can execute shell commands via execSync and perform file writes.
  - Sanitization: Absent; HTML content is parsed using regular expressions for link discovery and structural analysis without filtering.
Audit Metadata