web-scanning
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to execute `@axe-core/cli`, `capture-website-cli`, and `playwright`. These are trusted and widely-used tools from the official npm registry for web auditing and automation.
- [COMMAND_EXECUTION]: Shell commands are used to trigger scans and capture screenshots. These commands follow standard usage patterns for the involved utilities.
- [DATA_EXFILTRATION]: Network requests are made using `curl` to retrieve sitemaps and web content for discovery purposes. This is a standard operation for web scanning and does not involve exfiltrating sensitive data.
- [PROMPT_INJECTION]: The skill analyzes local workspace files (e.g., `package.json`, source code) to detect frameworks and perform reviews, which creates a surface for indirect prompt injection.
  - Ingestion points: Reads project config and source files in `SKILL.md`.
  - Boundary markers: No explicit delimiters or warnings found.
  - Capability inventory: Shell command execution via `npx`/`curl` and file writing for results.
  - Sanitization: No explicit content sanitization or validation mentioned.
Audit Metadata