qa-analyzing-ux-flows
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/accessibility_check.py` fetches the `axe-core` library from `cdnjs.cloudflare.com`. This is a well-known and reputable service for hosting web assets.
- [COMMAND_EXECUTION]: The skill uses local Python scripts to audit websites and analyze user flows. These scripts are run via the command line and generate reports in the local filesystem.
- [PROMPT_INJECTION]: The skill audits external websites and extracts content such as HTML attributes and labels, creating a surface for indirect prompt injection.
- Ingestion points: The `scripts/accessibility_check.py` script extracts metadata and text from target URLs.
- Boundary markers: Extracted content is included in reports without specific delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can write files to the local directory and access network resources to perform audits.
- Sanitization: The script truncates HTML snippets for brevity but does not sanitize extracted text against potential injection attacks.