Accessibility Auditor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exposes a significant surface for indirect prompt injection by combining data ingestion with modification capabilities. * Ingestion points: The skill ingests codebase data using the Read and Grep tools. * Boundary markers: There are no delimiters or explicit instructions provided to the agent to ignore or isolate instructions embedded within the files it audits. * Capability inventory: The skill is granted the Edit tool, which allows it to make persistent changes to the filesystem. * Sanitization: No sanitization, filtering, or validation is performed on the content read from the codebase before it influences the agent's editing actions.
Recommendations
- AI detected serious security threats
Audit Metadata