web-accessibility-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script
scripts/run-eslint.shexecuteseslintvianpxon the local directory. This is standard behavior for a code-auditing utility and does not pose a risk.\n- [DATA_EXPOSURE] (SAFE): The skill does not access sensitive file paths (like SSH keys or AWS configs) or hardcode any credentials.\n- [EXTERNAL_DOWNLOADS] (SAFE): The use ofnpxmay download theeslintpackage from the official npm registry if it is not locally available. This is a trusted source and standard for Node.js environments.\n- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill ingests source code for analysis. While malicious comments in target code could try to influence the agent's report, this is a common characteristic of analysis tools and does not constitute a high-risk vulnerability in this context.\n - Ingestion points: Local source files scanned by
grepandeslint.\n - Boundary markers: N/A.\n
- Capability inventory: Local file system read and shell execution of linters.\n
- Sanitization: None.
Audit Metadata