scan
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Uses
npxto download and run@accesslint/chromeand@accesslint/cli. These are official packages from the skill's author ('accesslint') used for its core functionality. - [COMMAND_EXECUTION]: Executes shell commands to manage a headless Chrome instance and perform accessibility scans. The tool uses
npxto ensure the latest versions are used. - [INDIRECT_PROMPT_INJECTION]: Analyzes external web page content which represents an untrusted data source.
- Ingestion points: Live page content fetched from user-provided URLs or configuration targets in
SKILL.md. - Boundary markers: None explicitly mentioned in the instructions, though scan results are returned in structured JSON format via the CLI.
- Capability inventory: Shell execution capabilities (Bash) and local file reading (Read) are permitted in the skill frontmatter.
- Sanitization: No explicit sanitization or instruction-ignoring delimiters are mentioned for the ingested page content.
Audit Metadata