web-accessibility
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No evidence of malicious behavior, credential harvesting, or unauthorized persistence mechanisms was found.
- [EXTERNAL_DOWNLOADS]: The skill includes documentation references to well-known industry sources such as the W3C Web Accessibility Initiative, Mozilla Developer Network (MDN), and Google’s web.dev. These are reputable sources for technical guidelines.
- [COMMAND_EXECUTION]: The skill leverages shell tools (
Bash,Grep,Glob) for the legitimate purpose of scanning and auditing local project files for accessibility violations. Access is scoped to common file operations. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted web code from user projects, presenting a potential surface for indirect injection.
- Ingestion points: Reads HTML, JavaScript, and CSS files provided by the user (SKILL.md).
- Boundary markers: Absent; the skill does not use specific delimiters to wrap or neutralize instructions embedded within analyzed code.
- Capability inventory: Has access to
Bash,Read,Write,Grep, andGlobfor file manipulation. - Sanitization: No sanitization or validation is applied to external code content prior to analysis.
Audit Metadata