Accessibility Engineer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a high vulnerability surface for indirect prompt injection as it is designed to ingest external UI code and possesses file-modification capabilities.
- Ingestion points: Audits external frontend source code and HTML templates (implied by README.md and manifest.yaml).
- Boundary markers: None present; there are no clear delimiters to separate ingested code from the agent's internal reasoning.
- Capability inventory: The manifest.yaml explicitly grants permissions for
modifies_filesandcreates_artifacts. - Sanitization: No evidence of sanitization or filtering to prevent the agent from executing instructions found within audited files.
- [Unverifiable Dependencies] (MEDIUM): The skill depends on external components, specifically
accessibility-checker-mcpandcontrast-checker-tool, without providing source verification or version locking. These external tools could potentially execute arbitrary code if compromised.
Recommendations
- AI detected serious security threats
Audit Metadata