accessibility-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior matches its described purpose of auditing frontend code for accessibility issues. All operations are restricted to standard development tools and local environment checks.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to fetch and run `@axe-core/cli`, which is a well-known and trusted package for accessibility testing. The usage is version-pinned to version 4, reducing the risk of supply chain attacks.
- [COMMAND_EXECUTION]: Shell execution is limited to `grep` for static pattern matching and `npx` for dynamic auditing. These commands target local project files and a local development server (localhost:3000), which is standard practice for frontend auditing.
- [PROMPT_INJECTION]: The skill has an indirect injection surface because it reads external project files (HTML, JSX, Vue). However, since it uses predefined search patterns for reporting purposes and does not execute the content of those files, the risk is minimal.
Audit Metadata