wave-contrast-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflow explicitly instructs the agent to navigate to and run axe-core on a live web page (Step 1: "Navigate to: https://example.com/page.html" and references to WAVE report URLs) — i.e., it ingests and interprets arbitrary public webpage content which can materially drive remediation actions — exposing it to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill dynamically injects and executes remote code at runtime by loading the axe-core script from https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.9.1/axe.min.js, which is a required dependency used to run analyses in-page.