ux-audit
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download the `axe-core` accessibility testing library from Cloudflare's content delivery network (cdnjs.cloudflare.com). This is a well-known service used for serving legitimate web development assets.
- [COMMAND_EXECUTION]: Local shell commands such as `lsof` (to find active development servers), `sips` (for resizing audit screenshots), and `pnpm`/`npm` (for running regression tests) are used for routine environment setup and data processing.
- [REMOTE_CODE_EXECUTION]: The agent executes JavaScript snippets within the target website's browser context to perform layout stress tests and accessibility evaluations. This dynamic execution is restricted to the browser session and is required for the skill's auditing functionality.
- [PROMPT_INJECTION]: By navigating and reading content from live, untrusted web applications, the agent is exposed to potential indirect prompt injection attacks. Malicious instructions placed on a target website could attempt to influence the agent's audit findings or subsequent actions. The skill mitigates this risk by recommending the use of sub-agents for screenshot review and maintaining a strict interaction manifest.
Audit Metadata