Gen Agent Trust Hub audit: skills/89jobrien/steve/testing

Skill: testing

Result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL

Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The file scripts/with-server.py uses subprocess.Popen(shell=True) to run commands provided via the --server argument. This allows an attacker to execute arbitrary shell commands if they can influence the agent's input.
  • PROMPT_INJECTION (HIGH): The skill uses Playwright to capture data from potentially untrusted web pages in examples/console-logging.py. This data is then processed by the agent, creating a vector for indirect prompt injection where a website could control the agent's actions.
  • DATA_EXFILTRATION (MEDIUM): The use of file:// URLs in examples/static-html-automation.py lets the browser read the local filesystem. If the path can be manipulated, sensitive system files could be exposed to the agent or to external outputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:37 AM