qe-a11y-ally
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates several JavaScript files (such as multi-tool-scan.js, parallel-audit.js, and crawl-audit.js) and executes them using the Node.js runtime.
- [COMMAND_EXECUTION]: The skill uses shell commands to install npm packages, download videos via curl, and process media with ffmpeg.
- [EXTERNAL_DOWNLOADS]: At runtime, the skill installs several Node.js packages from the npm registry and downloads video files from remote URLs provided by the user or found on the target page.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
- Ingestion points: Page HTML content, video frames extracted via ffmpeg, and URL-based metadata (SKILL.md).
- Boundary markers: Absent; findings from automated tools and external content are directly interpolated into final reports without delimiters.
- Capability inventory: File system write access (docs/ and /tmp/), shell command execution (bash), and Node.js execution (SKILL.md).
- Sanitization: Absent; the skill does not explicitly sanitize or escape external content before using it to generate context-aware remediation code.
Audit Metadata