a11y-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions are strictly focused on enforcing WCAG and accessibility standards. There are no attempts to bypass safety filters or override system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths were found. The skill does not perform any network operations.
- Remote Code Execution (SAFE): The skill contains no code execution logic, shell commands, or package management instructions. It is entirely composed of markdown files.
- Obfuscation (SAFE): All content is human-readable. No Base64, zero-width characters, or hex encoding was detected.
- Indirect Prompt Injection (SAFE): While the skill is designed to process UI code and provide feedback, it lacks the functional capabilities (such as file writing or network access) that would be required to execute an indirect prompt injection attack successfully.
Audit Metadata