wcag-compliance-checker
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of well-known, reputable npm packages for accessibility testing, including @axe-core/cli, pa11y, lighthouse, and react-axe.\n- [COMMAND_EXECUTION]: Provides bash commands to run automated scanners such as axe and pa11y against target URLs and local files to generate compliance reports.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection due to its core functionality:\n
- Ingestion points: Scans external website content, sitemaps, and tool outputs (SKILL.md).\n
- Boundary markers: No markers or explicit instructions are provided to the agent to disregard instructions potentially embedded in the scanned content.\n
- Capability inventory: The skill has access to Bash, Write, Read, Glob, and Grep tools (SKILL.md).\n
- Sanitization: No process is described for sanitizing or validating the data returned from external scans before it is processed by the agent.
Audit Metadata