WCAG 2.1 AA Web UI Audit
Skill Version
Trigger Phrases
Use this skill when the request includes any of the following:
- - WCAG 2.1 AA audit
- Accessibility audit or UI accessibility review
- A11y checklist or conformance report
- Remediation plan for accessibility issues
- Keyboard navigation or focus issues
- Contrast issues
- Zoom/reflow issues
- ARIA or name/role/value issues
- Status message or toast announcement issues
- Forms and accessibility issues
Scope & Assumptions (Required First Output)
When invoked, first output a
## Scope & Assumptions section before any findings. Include:
- - Product type
- Key flows and complete processes in scope
- Platforms in scope
- Components in scope
- Access constraints (timebox, environments, auth constraints)
- Evidence type boundaries:
-
confirmed implementation issue: verified on running UI or artifact with reproducible behavior
-
design-time risk: predicted from design artifacts/spec without runtime confirmation
- - Conformance note: "This report provides accessibility conformance guidance against WCAG 2.1 Level A and AA."
Inputs and Best-Effort Defaults
Collect these inputs. If missing, proceed with defaults and state assumptions explicitly.
- Preferred input:
SaaS,
ecommerce,
content
- Default:
SaaS (switch to
ecommerce if cart/checkout is in scope)
- Preferred input: explicit flows
- Default:
sign-in,
onboarding,
search/filter,
forms,
checkout (if applicable)
- Preferred input: desktop, mobile, or both
- Default:
desktop + mobile
- Preferred input: explicit component list
- Default:
navigation,
modal,
drawer,
toast/status,
carousel,
date picker,
table,
forms
- Preferred input: timebox, environments, authentication access
- Default:
single-pass audit on available environment within stated timebox
- Preferred input: URLs and/or design files/specs
- Default behavior: if no URLs/artifacts are provided, run a clearly labeled
Readiness Review only
Deterministic Workflow
Run these steps in order.
- 1. Scope
- - Define flows, pages, components, and complete processes.
- Identify highest-risk areas: forms, checkout, auth, navigation, modals, dynamic updates.
- 2. Baseline automated checks (optional)
- - Run axe and lighthouse on key pages when runtime URLs are available.
- Capture and deduplicate issues.
- If automation dependencies are missing, continue with manual workflow and mark automation as skipped.
- 3. Manual keyboard audit
- - Validate tab order, focus visibility, keyboard traps, skip links, modals, menus, and custom controls.
- 4. Visual audit
- - Validate text contrast, non-text contrast, focus indicator visibility/contrast, non-color error cues, and hover/focus content behavior.
- 5. Zoom and reflow audit
- - Validate at 200% zoom, 320 CSS px width, text-spacing overrides, and orientation behavior.
- 6. Forms and errors audit
- - Validate labels, instructions, error identification, error suggestions, and error prevention for legal/financial/data commitments.
- 7. Semantics and ARIA audit
- - Validate name/role/value, label-in-name, autocomplete/input purpose semantics, and parsing robustness.
- 8. Status messages audit (AA)
- - Validate that toasts and inline status updates are announced without forced focus moves when appropriate.
- 9. Synthesis
- - Map each finding to WCAG SC.
- Assign severity.
- Propose design and engineering fixes.
- Add acceptance criteria and verification steps.
Output Contract (Always Deterministic)
Always render output with these sections in this exact order using templates:
- - �INLINECODE24
- INLINECODE25
- INLINECODE26
- INLINECODE27
- INLINECODE28
Use these files directly:
- - �INLINECODE29
- INLINECODE30
- INLINECODE31
Findings Quality Bar
Every finding must include:
- - WCAG SC ID, name, and level
- Severity:
Blocker, High, Medium, �INLINECODE35 - Affected user groups
- Repro steps
- Expected vs actual behavior
- Suggested fix split into design and engineering actions
- Verification steps (manual and tool-based where relevant)
- Evidence type:
confirmed implementation issue or �INLINECODE37
Severity Rubric
- -
Blocker: Prevents task completion for one or more user groups. - INLINECODE39�: Causes major friction or frequent failure.
- INLINECODE40�: Noticeable barrier with workaround.
- INLINECODE41�: Minor barrier or polish issue.
Component Fix Recipes
Use
docs/ui-component-checklists.md for fix-oriented component recipes covering:
- - Buttons/links
- Inputs/selects/forms
- Modal/dialog
- Tooltip/popover
- Carousel
- Toast/status
- Tabs
- Accordion
- Table
- Date picker
Optional Automation Script
Use the optional script only when runtime URLs are provided:
CODEBLOCK0
Behavior expectations:
- - Writes
outputs/axe-results.json and outputs/axe-summary.md. - Deduplicates by
(rule id + target selector + page). - Continues on per-URL failures.
- If
playwright or @axe-core/playwright is missing, prints install guidance and exits without failing.
"All Requirements" Requests
If the user asks for all WCAG requirements, point to and include or excerpt:
Conformance Language Guardrail
Do not issue legal determinations or certification statements. Use conformance phrasing such as:
- - "accessibility conformance guidance"
- "conformance risk"
- "current conformance gaps"
Source Notes
Use WCAG terminology and SC names from:
- - WCAG 2.1 Recommendation
- WAI How to Meet WCAG (Quick Reference) filtered to Level A and AA
- Understanding WCAG, including 4.1.3 Status Messages
WCAG 2.1 AA 网页界面审计
技能版本
触发短语
当请求包含以下任何内容时,使用此技能:
- - WCAG 2.1 AA 审计
- 无障碍审计或界面无障碍审查
- A11y 检查清单或合规性报告
- 无障碍问题修复方案
- 键盘导航或焦点问题
- 对比度问题
- 缩放/重排问题
- ARIA 或名称/角色/值问题
- 状态消息或提示公告问题
- 表单与无障碍问题
范围与假设(首次输出必需)
调用时,在输出任何发现之前,首先输出一个 ## 范围与假设 部分。包括:
- - 产品类型
- 范围内的关键流程和完整过程
- 范围内的平台
- 范围内的组件
- 访问限制(时间盒、环境、认证限制)
- 证据类型边界:
- 已确认的实现问题:在运行中的界面或可复现行为的工件上验证
- 设计阶段风险:根据设计工件/规范预测,未经运行时确认
- - 合规性说明:本报告提供针对 WCAG 2.1 A 级和 AA 级的无障碍合规性指导。
输入与尽力默认值
收集这些输入。如果缺失,使用默认值进行,并明确说明假设。
- 首选输入:SaaS、电子商务、内容
- 默认值:SaaS(如果购物车/结账在范围内,则切换为电子商务)
- 首选输入:明确的流程
- 默认值:登录、引导流程、搜索/筛选、表单、结账(如适用)
- 首选输入:桌面端、移动端或两者
- 默认值:桌面端 + 移动端
- 首选输入:明确的组件列表
- 默认值:导航、模态框、抽屉、提示/状态、轮播、日期选择器、表格、表单
- 首选输入:时间盒、环境、认证访问
- 默认值:在指定时间盒内对可用环境进行单次审计
- 首选输入:URL 和/或设计文件/规范
- 默认行为:如果未提供 URL/工件,仅运行明确标注的就绪审查
确定性工作流程
按顺序执行以下步骤。
- 1. 范围
- - 定义流程、页面、组件和完整过程。
- 识别最高风险区域:表单、结账、认证、导航、模态框、动态更新。
- 2. 基线自动化检查(可选)
- - 在运行时 URL 可用时,对关键页面运行 axe 和 Lighthouse。
- 捕获并去重问题。
- 如果缺少自动化依赖,继续使用手动工作流程,并将自动化标记为已跳过。
- 3. 手动键盘审计
- - 验证 Tab 键顺序、焦点可见性、键盘陷阱、跳过链接、模态框、菜单和自定义控件。
- 4. 视觉审计
- - 验证文本对比度、非文本对比度、焦点指示器可见性/对比度、非颜色错误提示以及悬停/焦点内容行为。
- 5. 缩放和重排审计
- - 在 200% 缩放、320 CSS 像素宽度、文本间距覆盖和方向行为下进行验证。
- 6. 表单和错误审计
- - 验证标签、说明、错误识别、错误建议以及法律/财务/数据提交的错误预防。
- 7. 语义和 ARIA 审计
- - 验证名称/角色/值、名称中包含标签、自动填充/输入目的语义以及解析健壮性。
- 8. 状态消息审计(AA)
- - 验证提示和行内状态更新在适当时无需强制移动焦点即可被宣告。
- 9. 综合
- - 将每个发现映射到 WCAG 成功标准。
- 分配严重性。
- 提出设计和工程修复方案。
- 添加验收标准和验证步骤。
输出契约(始终确定性)
始终使用模板按此确切顺序呈现输出部分:
- - A) 审计摘要(一页)
- B) 发现表
- C) 按流程说明
- D) 修复待办事项
- E) 完成定义(工程 + 质量保证)
直接使用以下文件:
- - templates/audit-report-template.md
- templates/finding-template.md
- templates/remediation-backlog-template.md
发现质量标准
每个发现必须包括:
- - WCAG 成功标准 ID、名称和级别
- 严重性:阻塞、高、中、低
- 受影响的用户群体
- 复现步骤
- 预期行为与实际行为
- 建议修复方案,分为设计和工程行动
- 验证步骤(手动和基于工具的,如相关)
- 证据类型:已确认的实现问题 或 设计阶段风险
严重性评分标准
- - 阻塞:阻止一个或多个用户群体完成任务。
- 高:导致重大摩擦或频繁失败。
- 中:存在明显障碍但有变通方法。
- 低:轻微障碍或完善性问题。
组件修复方案
使用 docs/ui-component-checklists.md 获取面向修复的组件方案,涵盖:
- - 按钮/链接
- 输入框/选择框/表单
- 模态框/对话框
- 工具提示/弹出框
- 轮播
- 提示/状态
- 标签页
- 折叠面板
- 表格
- 日期选择器
可选自动化脚本
仅在提供运行时 URL 时使用可选脚本:
bash
node scripts/runaxeplaywright.js --url https://example.com
node scripts/runaxeplaywright.js --urls-file ./urls.txt
行为预期:
- - 写入 outputs/axe-results.json 和 outputs/axe-summary.md。
- 按 (规则 ID + 目标选择器 + 页面) 去重。
- 在单个 URL 失败时继续执行。
- 如果缺少 playwright 或 @axe-core/playwright,则打印安装指南并退出,不报错。
所有要求请求
如果用户要求所有 WCAG 要求,请指向并包含或摘录:
- - docs/wcag21-aa-success-criteria.md
合规性语言护栏
不要发布法律判定或认证声明。使用合规性措辞,例如:
来源说明
使用来自以下来源的 WCAG 术语和成功标准名称:
- - WCAG 2.1 推荐标准
- WAI 如何满足 WCAG(快速参考),筛选至 A 级和 AA 级
- 理解 WCAG,包括 4.1.3 状态消息
