webapp-testing
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script `scripts/with_server.py` uses `subprocess.Popen` with `shell=True` to run commands provided as arguments. This allows execution of arbitrary shell strings (e.g., starting local servers), which bypasses standard command-construction safety.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It interacts with web applications and captures rendered content and browser logs, which are then processed by the agent. A malicious or compromised web application could include instructions in its HTML or console output designed to manipulate the agent's logic.
  - Ingestion points: `page.content()` in `SKILL.md` and `page.on('console', ...)` in `examples/console_logging.py`.
  - Boundary markers: No delimiters or instructions to ignore embedded content are used when processing the data.
  - Capability inventory: The agent has access to `subprocess` execution via `scripts/with_server.py` and file-writing capabilities in the `examples/` directory.
  - Sanitization: No evidence of sanitization or validation of the ingested web content before processing.
Audit Metadata