The Agent Skills Directory

[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external websites (HTML, page structure, and video frames) to generate remediation code and captions. There are no documented boundary markers or sanitization procedures for this data before it is analyzed by the LLM.
Ingestion points: External URLs and discovered links processed during site crawling and audit steps.
Capability inventory: High-privilege actions including shell execution (node, curl, ffmpeg, vibium) and browser-based JavaScript execution (vibium eval).
Boundary markers: No explicit delimiters are used to separate ingested content from instructions in the remediation or vision prompts.
Sanitization: No sanitization of external HTML or media content is performed prior to model processing.
[COMMAND_EXECUTION]: The skill dynamically generates several Node.js scripts (multi-tool-scan.js, parallel-audit.js, crawl-audit.js) at runtime, writing them to the /tmp directory and executing them to facilitate parallel audits and crawling logic.
[COMMAND_EXECUTION]: Extensive use of CLI tools for core functionality, including vibium for browser automation, ffmpeg for media processing, and curl for downloading content from external URLs provided by users or discovered via crawling.
[EXTERNAL_DOWNLOADS]: Fetches the axe-core engine from the well-known Cloudflare CDN (cdnjs.cloudflare.com) for injection into browser sessions and downloads video files from remote sources for accessibility analysis.

a11y-ally