The Agent Skills Directory

[SAFE]: The skill operates entirely on local files within the skill directory and project-specific audit directories (docs/audits/ or audit-artifacts/). It does not make any network requests or attempt to access sensitive system data such as credentials or SSH keys.
[SAFE]: No obfuscation, hidden instructions, or malicious patterns were detected in the instructions, playbooks, or metadata.
[SAFE]: The shell script provided in evals/run-static-checks.sh is used for static validation of the skill's structure and word counts. It utilizes standard command-line tools and a small embedded Python snippet for CSV parsing, without any remote code execution or external downloads.
[SAFE]: External URL references in skill.json point to the official W3C Web Accessibility Initiative (WAI) standards, which are trusted sources for the skill's primary function of accessibility auditing.
[SAFE]: While the skill analyzes potentially untrusted user-provided data (like interface code snippets), its operations are limited to documentation generation. It lacks the capabilities (such as network access or shell execution of ingested data) that would present a risk for indirect prompt injection.

ux-audit