webapp-testing
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/with_server.py` uses `subprocess.Popen` with `shell=True` to execute the command string passed via the `--server` argument. Because the string is handed to a shell, it can carry arbitrary shell commands, including chained ones (e.g., using `&&` or `||`). This is intended for starting local servers, but it becomes exploitable wherever the `--server` value is influenced by untrusted data.
- [PROMPT_INJECTION]: The `SKILL.md` file instructs the agent "DO NOT read the source until you try running the script first" and describes the scripts as "black-box scripts rather than ingested into your context window." These instructions discourage the agent from inspecting code before executing it, which is a characteristic of behavior-overriding prompts.
- [COMMAND_EXECUTION]: The examples `examples/element_discovery.py`, `examples/console_logging.py`, and `examples/static_html_automation.py` demonstrate patterns for interacting with local web applications and the file system. These scripts can read and write files (e.g., `/mnt/user-data/outputs/console.log`, `/tmp/page_discovery.png`) and capture browser data.
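The first finding turns on the difference between handing a string to a shell and passing it as an argument vector. The following is an added example, not code from the audited skill: it reproduces the `shell=True` pattern the report describes and contrasts it with a hardened launcher that tokenises the `--server` string with `shlex.split` and refuses values containing shell operators. The `echo` command, the metacharacter list and the function names are constructed for illustration.

```python
import shlex
import subprocess

# Constructed input: a benign-looking command with an injected second command.
# In the audited script this string would arrive via the --server argument.
CMD = "echo hello; echo injected"

# Operators a POSIX shell would interpret; a plain argv never sees them as syntax.
# (Illustrative list, not exhaustive: newline and redirection are included, quotes are not.)
SHELL_METACHARS = set(";&|`$()<>\n")


def run_with_shell(cmd: str) -> str:
    """The pattern flagged in the audit: the whole string is parsed by /bin/sh,
    so ';' ends the first command and 'echo injected' runs as a second one."""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_as_argv(cmd: str) -> str:
    """Same string, but split into an argv and executed without a shell.
    'hello;' and 'injected' are literal arguments to echo; nothing else runs."""
    argv = shlex.split(cmd)
    return subprocess.run(argv, capture_output=True, text=True).stdout


def contains_shell_metachars(cmd: str) -> bool:
    """Pre-flight check: reject a --server value that would only make sense to a shell."""
    return any(c in SHELL_METACHARS for c in cmd)


def start_server(cmd: str) -> subprocess.Popen:
    """Hardened launcher for a long-running local server (hypothetical replacement
    for the audited Popen call): no shell, and operator characters are refused."""
    if contains_shell_metachars(cmd):
        raise ValueError(f"refusing --server value with shell operators: {cmd!r}")
    return subprocess.Popen(shlex.split(cmd))


if __name__ == "__main__":
    print("shell=True :", repr(run_with_shell(CMD)))   # two commands ran
    print("argv       :", repr(run_as_argv(CMD)))      # one command ran
    print("rejected   :", contains_shell_metachars(CMD))
```

The argv form stops the shell from interpreting operators, but it does not make an attacker-chosen executable safe: if the first token itself is untrusted, constrain it to an allowlist of server binaries rather than relying on the metacharacter check alone.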
Audit Metadata