a11y-ally

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and crawls arbitrary TARGET_URLs using Vibium/agent-browser/Playwright (STEP 1), extracts and evaluates page DOM into pageInfo (STEP 2/page.evaluate), downloads video files from discovered video URLs (STEP 7 via curl/ffmpeg), and reads/analyzes those frames with the vision/read tool — all of which ingest untrusted public web content and use it to drive LLM decisions and follow-up actions (e.g., triggering the video pipeline and generating remediation), so it clearly exposes the agent to third‑party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime includes an explicit install-and-run step ("npm install playwright-extra puppeteer-extra-plugin-stealth @axe-core/playwright pa11y lighthouse chrome-launcher" then running Node scripts) which fetches and executes remote packages from the npm registry (https://registry.npmjs.org) as a required dependency, so remote code is retrieved and executed at runtime.