scan

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Uses npx to download and run @accesslint/chrome and @accesslint/cli. These are official packages from the skill's author ('accesslint') used for its core functionality.
  • [COMMAND_EXECUTION]: Executes shell commands to manage a headless Chrome instance and perform accessibility scans. The tool uses npx to ensure the latest versions are used.
  • [INDIRECT_PROMPT_INJECTION]: Analyzes external web page content which represents an untrusted data source.
  • Ingestion points: Live page content fetched from user-provided URLs or configuration targets in SKILL.md.
  • Boundary markers: None explicitly mentioned in the instructions, though scan results are returned in structured JSON format via the CLI.
  • Capability inventory: Shell execution capabilities (Bash) and local file reading (Read) are permitted in the skill frontmatter.
  • Sanitization: No explicit sanitization or instruction-ignoring delimiters are mentioned for the ingested page content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:45 PM
Security Audit — agent-trust-hub — scan