webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Obfuscation] (MEDIUM): The skill instructions (e.g., 'DO NOT read the source until you try running the script first') discourage the agent from auditing the logic of provided scripts. This 'black-box' approach is an adversarial pattern that could be used to hide malicious behavior from the agent's reasoning process.
  • [Command Execution] (MEDIUM): The 'with_server.py' script accepts and executes arbitrary shell commands via the '--server' parameter, allowing for potential privilege escalation or unauthorized process execution.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted content from web applications without sanitization or boundary markers, creating a surface for indirect instructions to influence agent behavior.
    1. Ingestion points: page.content(), page.locator(), and browser logs.
    2. Boundary markers: absent.
    3. Capability inventory: subprocess execution via 'with_server.py', file writing via 'page.screenshot', and network access via Playwright.
    4. Sanitization: absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:42 PM