Axe-core Accessibility Testing
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references standard packages from the official NPM registry, including @axe-core/playwright, axe-core, and playwright. These are well-known and trusted tools for web automation and accessibility testing.
- [COMMAND_EXECUTION]: Provides standard npm install commands for developer environment setup, consistent with the skill's purpose and following best practices for software development.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing external web content during testing.
  - Ingestion points: The skill uses page.goto() to load external URLs and page.evaluate() to extract content from the browser's DOM (e.g., in SKILL.md).
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are present to prevent the agent from being influenced by instructions discovered on tested pages.
  - Capability inventory: The skill utilizes Playwright, which allows for complex browser interaction, network requests, and interaction with the host environment through its test runner.
  - Sanitization: No explicit sanitization or filtering of the extracted web content is observed before it is processed by the analysis logic.
Audit Metadata