a11y-auditor
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the agent to run 'npx ai-a11y', which downloads and executes a package from the npm registry. The source 'lxgicstudios' is not a trusted organization, posing a risk of unverified code execution.
- COMMAND_EXECUTION (LOW): The skill relies on shell command execution to perform its primary function of auditing source code.
- PROMPT_INJECTION (LOW): Vulnerable to indirect prompt injection through processed data.
  1. Ingestion points: Local HTML and JSX files (e.g., 'src/').
  2. Boundary markers: Absent.
  3. Capability inventory: Reads source files and sends data to an AI model for fix generation.
  4. Sanitization: Absent.

  Malicious instructions embedded in the source code being audited could attempt to manipulate the AI's suggestions or the agent's behavior.
Audit Metadata