alt-text
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no executable scripts, binary files, or third-party package dependencies.
- [SAFE]: All external links point to established and reputable technical documentation platforms such as the W3C, MDN Web Docs, and web.dev.
- [SAFE]: Indirect prompt injection analysis: The skill's primary function is to scan codebase markup (
<img>tags) inSKILL.md. While it ingests untrusted data from project files, it lacks capabilities for arbitrary command execution, network exfiltration, or privileged file access. No boundary markers are used, but the skill's narrow scope as an advisory accessibility auditor and its lack of high-risk tool access render the injection surface safe.
Audit Metadata