Skills
skills/workleap/wl-squide/accessibility/Gen Agent Trust Hub

accessibility

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses command-line tools such as npx lighthouse and axe to perform audits on user-specified URLs.
  • [EXTERNAL_DOWNLOADS]: Fetches auditing packages from the official NPM registry, including Google's lighthouse and Deque Systems' @axe-core/cli.
  • [PROMPT_INJECTION]:
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted web content from external URLs, which could contain malicious instructions designed to influence the agent's behavior during the audit process.
  • Ingestion points: Content from external URLs is processed via the lighthouse and axe commands in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded text are used when processing the external content.
  • Capability inventory: The skill possesses the ability to execute shell commands (npx, axe) and potentially write audit results to the file system.
  • Sanitization: No sanitization of the external content is performed within the skill before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 12:16 PM