a11y-audit

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts and JavaScript files (ui.sh, metro.sh, cdp-bridge.js) located in sibling and shared directories to interact with the iOS Simulator and Metro bundler. It also invokes the axe CLI tool to describe the accessibility tree.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to manually install an external dependency via Homebrew (brew install cameroncooke/axe/axe). While this is a third-party repository, the installation is not automated and requires explicit user action.
  • [PROMPT_INJECTION]: The skill ingests external data from the running application (the accessibility tree and React fiber tree) which is processed by a subagent. This constitutes an indirect prompt injection surface; however, the subagent's scope is strictly limited to generating a text-based audit report, minimizing potential impact.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:20 AM