accessibility-fixer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by combining untrusted data ingestion with write capabilities.
- Ingestion points: The skill ingests external React components and files using 'Read', 'Grep', and 'Glob' tools.
- Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between code to be analyzed and instructions to be followed.
- Capability inventory: The skill is granted 'Write' and 'Edit' permissions, which allows the agent to make persistent changes to the filesystem based on interpreted content.
- Sanitization: No sanitization or validation mechanisms are defined to filter or escape instructions embedded within the analyzed source code.
Recommendations
- AI detected serious security threats
Audit Metadata