accessibility-wcag
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform environment discovery by executing
lson common skill installation paths (e.g.,~/.claude/skills/,~/.agent/skills/) to determine if companion skills are present.\n- [PROMPT_INJECTION]: Indirect Prompt Injection surface evaluation.\n - Ingestion points: The skill processes user-provided source code, HTML, and UI component implementations provided during accessibility audits.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined for the processed user data.\n
- Capability inventory: The skill can execute local directory listings (
ls) and recommend the execution of installation commands (npx).\n - Sanitization: There is no specific evidence of sanitization or filtering for instructions that might be contained within the analyzed user code.\n- [EXTERNAL_DOWNLOADS]: The skill references and provides usage examples for standard accessibility auditing tools including
axe-core,lighthouse, andjest-axe. It also provides instructions for adding companion skills via thenpx skills addcommand using the vendor's repository.
Audit Metadata