webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/with_server.py' uses 'subprocess.Popen' with 'shell=True' to execute server commands provided via the '--server' argument. This pattern allows for the execution of arbitrary shell commands. While intended for local development, it poses a risk if an attacker can influence the command strings passed to the script.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection.
    1. Ingestion points: The skill ingests untrusted data from web pages using 'page.content()' and 'inner_text()' in 'element_discovery.py', and from browser console logs in 'console_logging.py'.
    2. Boundary markers: There are no instructions or delimiters provided to the agent to distinguish between its own instructions and content scraped from the web applications.
    3. Capability inventory: The skill possesses powerful capabilities, including arbitrary command execution via 'with_server.py' and file writing to '/mnt/user-data/outputs/'.
    4. Sanitization: No sanitization or validation is performed on the data retrieved from the browser before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 09:04 AM