webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the creation and execution of Python scripts using the Bash tool to run Playwright tests via pytest. This is the primary intended function for browser automation.
- [PROMPT_INJECTION]: The skill ingests untrusted content from web pages (e.g., page.content()) and console logs, creating a surface for indirect prompt injection. Evidence: 1. Ingestion points: page.content() and page.on('console') in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: Bash, Write, and Edit tools for script creation and execution. 4. Sanitization: None mentioned for page content processing.
Audit Metadata