wave-contrast-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the axe-core library from Cloudflare's CDN (cdnjs.cloudflare.com). This is a well-known and trusted service.
- [COMMAND_EXECUTION]: The skill executes grep to search files and runs a Python script to update CSS styles. These commands are localized to the project's source files.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data from live webpages via axe-core.
  1. Ingestion points: Webpage content processed in Step 2 of SKILL.md.
  2. Boundary markers: No markers are used to isolate the data.
  3. Capability inventory: grep and Python-based file writing to styles.css.
  4. Sanitization: The skill does not sanitize the output from axe-core before using it in string replacements.