website-accessibility-check
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to execute a local shell script (
scripts/website-verify.sh) to confirm accessibility compliance. This constitutes command execution within the agent's environment. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it analyzes content from website pages and components.
- Ingestion points: Source files and UI components from the
website/directory are processed by the agent during the audit. - Boundary markers: There are no markers or instructions provided to isolate the data being audited from the agent's core instructions, increasing the risk of the agent following instructions embedded in the source files.
- Capability inventory: The agent possesses the capability to run local scripts and interact with developer tools via the
website-devtoolsskill reference. - Sanitization: The instructions do not define any sanitization, validation, or escaping steps for the content being audited.
Audit Metadata