scanning-for-accessibility-issues
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection. It is designed to ingest and analyze external web content (webpages, ARIA attributes). If a scanned page contains malicious instructions hidden in HTML comments or metadata, the agent could be manipulated into executing unauthorized actions.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly allows the 'Bash' tool. In combination with the Indirect Prompt Injection surface, an attacker-controlled webpage could trick the agent into running arbitrary system commands via the shell.
- [INDIRECT_PROMPT_INJECTION_SURFACE] (HIGH):
- Ingestion points: External web pages and components targeted for accessibility audits as described in the overview and examples.
- Boundary markers: Absent. There are no instructions or delimiters provided to the agent to ensure it ignores embedded instructions within the data being audited.
- Capability inventory: The skill utilizes 'Bash', 'Write', 'Edit', 'Grep', 'Glob', and 'Read'. These provide a broad attack surface for data exfiltration or system modification if an injection is successful.
- Sanitization: Absent. The skill does not define any input validation, content filtering, or sanitization of the external content before it is processed by the agent or tools.
Recommendations
- AI detected serious security threats
Audit Metadata