accessibility-auditor

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only accessibility auditing skill with coherent examples, but one contrast-checking sample is a disclosed placeholder and should not be relied on directly.

Reasonable to install for accessibility guidance. Before using the code examples in a real audit or CI gate, replace the placeholder color-contrast calculation with a vetted WCAG-compliant library or algorithm, and review any adopted CI workflow steps that upload reports or post pull request comments.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The code advertises a contrast-ratio check but always returns 4.5, meaning low-contrast content can incorrectly pass automated testing. In an accessibility-auditing skill, this creates a false sense of compliance and can directly undermine release gating or audit evidence.

Description-Behavior Mismatch

Medium

Confidence: 98% confidence
Finding: The example presents color-contrast auditing as functional, but the underlying calculation is nonfunctional, so the reported violations and compliance assertions are unreliable. Because this skill is specifically for accessibility auditing, users are likely to trust and reuse the example, making the mismatch materially dangerous for compliance and user safety.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal