scanning-accessibility
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The `scripts/` directory README lists several Python scripts (`wcag_guidelines.py`, `aria_validator.py`, `report_generator.py`) that are not present in the provided skill files. Without these scripts, the primary functionality of the skill cannot be verified or executed as described.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it is designed to ingest and process untrusted data from external web pages during accessibility audits. An attacker could place malicious instructions in HTML comments or ARIA attributes to influence the agent's analysis.
  - Ingestion points: Target application URLs and the resulting HTML/DOM content analyzed by tools like axe-core or Pa11y.
  - Boundary markers: Absent; the instructions do not provide delimiters or specific prompts to ensure the agent ignores potential instructions embedded within the audited content.
  - Capability inventory: The skill is configured with `Read`, `Write`, `Edit`, and `Bash` (restricted to the `test:a11y-*` prefix) tool access.
  - Sanitization: No explicit sanitization or validation of the ingested web content is described in the instruction set.
Audit Metadata