webapp-testing
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains explicit instructions telling the agent not to read the source code of the provided scripts before executing them ("DO NOT read the source until you try running the script first"). This pattern discourages the agent from auditing the scripts before running them and undermines its own safety checks.
- [COMMAND_EXECUTION]: The script at scripts/with_server.py executes arbitrary shell commands passed as CLI arguments using subprocess.Popen with shell=True. This is a high-privilege interface that can run dangerous commands if those arguments are influenced by malicious data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: element_discovery.py and console_logging.py extract text and logs from web pages.
  2. Boundary markers: No delimiters or warnings are used to differentiate between system instructions and data from web pages.
  3. Capability inventory: with_server.py provides shell command execution capabilities.
  4. Sanitization: The skill does not sanitize or validate content retrieved from web applications before processing it.
Audit Metadata