auditing-wcag

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill requires executing shell commands (e.g., npm install, npx playwright test) to perform its auditing functions. These commands are executed via the Task tool and the provided run-test.js wrapper. While command execution is sensitive, it is directly tied to the primary purpose of the skill and the commands are directed at local auditing scripts.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs dependencies from the npm registry and downloads browser binaries via Playwright. These are from trusted sources (Microsoft, Deque Systems) and are essential for the skill's operation. Per the [TRUST-SCOPE-RULE], these findings are downgraded to LOW.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes content from arbitrary external URLs provided by the user.
      • Ingestion points: Target URLs are loaded into a browser context via page.goto() in multiple scripts (axe-audit.ts, reflow-check.ts, zoom-200-check.ts, etc.).
      • Boundary markers: Absent. The instructions do not provide clear delimiters or warnings to the agent to disregard instructions found within the audited page content.
      • Capability inventory: The agent has access to shell command execution (run-test.js), file system write access (for generating reports and saving screenshots), and full browser control (navigate, click, type).
      • Sanitization: Absent. The skill does not sanitize or filter the content of the target pages before processing them.
      • Risk: A malicious target page could contain hidden instructions designed to manipulate the audit report or trick the agent into using its tools for unintended purposes.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 06:51 AM