skills/elsahafy/skills/webapp-testing/Gen Agent Trust Hub

webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to execute server commands and subprocess.run to execute the automation command. While intended for local development servers (e.g., 'npm run dev'), this provides a mechanism for arbitrary shell command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from web applications.
      • Ingestion points: The scripts examples/element_discovery.py and examples/console_logging.py extract text and console logs from web pages using inner_text(), page.content(), and console event listeners.
      • Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded instructions within the scraped web content.
      • Capability inventory: The agent has the capability to write files (screenshots/logs) and execute shell commands via the provided scripts.
      • Sanitization: There is no sanitization or validation of the text extracted from the web application before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and scripts assume the presence of playwright, npm, and other development tools, though it does not explicitly perform remote downloads during initialization in the provided files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 12:42 AM