webapp-testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (MEDIUM): The skill utilizes a 'Don't Look' pattern, explicitly instructing the AI: 'DO NOT read the source until you try running the script first' and to treat helper scripts as 'black-box'. This instruction actively attempts to bypass the agent's internal safety checks and code review capabilities.
- [Command Execution] (MEDIUM): The tool is designed to execute arbitrary shell commands via the --server flag in the with_server.py script. While functionally necessary for the skill's stated purpose, this provides a direct path for command injection if the input parameters are influenced by untrusted data.
- [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface by design, as it navigates to and extracts content from web pages which may contain adversarial instructions.
  1. Ingestion points: page.content(), DOM inspection, and visual screenshots.
  2. Boundary markers: None identified in the prompt templates.
  3. Capability inventory: Execution of shell commands via with_server.py and arbitrary Python script execution.
  4. Sanitization: None; the agent is encouraged to use discovered selectors directly in actions.
Audit Metadata