Skills
skills/duc01226/easyplatform/webapp-testing/Gen Agent Trust Hub

webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/with_server.py uses subprocess.Popen with shell=True to start servers and subprocess.run to execute automation commands. This allows for the execution of arbitrary shell strings constructed by the agent. The instructions in SKILL.md ('Use bundled scripts as black boxes... don't read source') serve to prevent the agent from auditing the logic of this script, which is a significant security concern in an autonomous context.
  • [PROMPT_INJECTION]: The skill exhibits a high susceptibility to indirect prompt injection.
  • Ingestion points: The agent is directed to ingest untrusted data from external web pages via page.content() and DOM element discovery in SKILL.md and the provided examples.
  • Boundary markers: The instructions lack any requirement for boundary markers or safety delimiters when processing data retrieved from the browser.
  • Capability inventory: The agent has the capability to execute shell commands (via with_server.py) and write files to the system (e.g., examples/console_logging.py writes to /mnt/user-data/outputs/).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from web pages before it is processed as instructions or data for subsequent steps.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 02:54 PM