Skills
skills/accesslint/skills/diff/Gen Agent Trust Hub

diff

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in the YAML frontmatter to resolve the default git branch at load time via git symbolic-ref.
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the latest versions of @accesslint/cli and @accesslint/chrome from the npm registry using npx during execution.
  • [COMMAND_EXECUTION]: Automates local environment state management using git stash and git checkout to facilitate comparison between uncommitted changes or different branches.
  • [COMMAND_EXECUTION]: Interpolates user-provided arguments, such as branch names and target URLs, into shell command strings for the accessibility scanner.
  • [PROMPT_INJECTION]: Processes data from live web pages (DOM), which represents an indirect prompt injection surface where a malicious web page could attempt to influence the agent's report output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 10:03 PM
Security Audit — agent-trust-hub — diff