Skills
skills/ar4mirez/samuel/webapp-testing/Gen Agent Trust Hub

webapp-testing

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py utilizes subprocess.Popen with shell=True to launch local servers. This behavior is necessary for the skill's purpose of testing applications that require active server processes.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and interacts with external web content.
  • Ingestion points: Data is ingested from web pages in examples/element_discovery.py and examples/console_logging.py via Playwright locators.
  • Boundary markers: No specific delimiters or safety instructions are used to separate web content from agent instructions.
  • Capability inventory: The skill can execute shell commands through the with_server.py script and write to the filesystem.
  • Sanitization: There is no evidence of content sanitization for data retrieved from the browser DOM.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 06:47 PM