moai-playwright-webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The utility script scripts/with_server.py uses subprocess.Popen with shell=True to execute commands provided via the --server argument. This allows for the execution of arbitrary shell commands which can be influenced by input.
  • [COMMAND_EXECUTION]: The scripts/with_server.py script executes the final command string using subprocess.run, which allows the agent to run arbitrary system commands after a server is ready.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external web pages during automated testing and selector generation.
      • Ingestion points: Web application URLs accessed via playwright.goto() in examples/ai-powered-testing.py and examples/element_discovery.py, and the webapp_url parameter in SKILL.md logic.
      • Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands when parsing element text or page content.
      • Capability inventory: The skill is granted access to high-privilege tools including Bash, Write, and Edit, and includes scripts that can spawn subprocesses.
      • Sanitization: No evidence of sanitization, escaping, or validation of content retrieved from the web page DOM was found before it is used in logic or test generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:07 AM