web-quality-audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates locally to perform audits on code quality and accessibility, consistent with its stated purpose.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill is designed to read local HTML files for analysis. No patterns indicating access to sensitive system files (e.g., SSH keys, environment variables) or hardcoded credentials were found. The skill does not perform any network operations.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes content from external HTML files.
  - Ingestion points: `scripts/analyze.sh` reads the content of HTML files in a target directory and uses `grep` to find issues.
  - Boundary markers: The script output does not use specific delimiters or instructions to the agent to disregard instructions found within the audited content.
  - Capability inventory: The skill is limited to file reading and JSON reporting; it lacks network access, file-writing capabilities, or the ability to execute untrusted code.
  - Sanitization: The shell script does not escape special characters (such as double quotes) in filenames when generating its JSON report, which could lead to malformed output, but it does not represent a high-risk security vulnerability.
Audit Metadata