Skills
skills/eyadsibai/ltk/webapp-testing/Gen Agent Trust Hub

webapp-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection attacks because it processes external, untrusted content from web applications while maintaining high-privilege capabilities.
  • Ingestion points: page.content(), btn.inner_text(), and page.on('console', ...) as shown in SKILL.md.
  • Boundary markers: Absent. Content is processed directly without delimiters or instructions to ignore embedded commands.
  • Capability inventory: subprocess.Popen (command execution) and page.screenshot (file writing) as shown in SKILL.md.
  • Sanitization: None. The agent treats the rendered DOM and logs as data to be acted upon.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill executes system commands via subprocess.Popen(['npm', 'run', 'dev'], ...). While used for server management here, the use of subprocess is a high-risk capability that can be exploited if the agent is manipulated into running other commands.
  • Data Exposure & Exfiltration (MEDIUM): The use of page.screenshot() and printing btn.inner_text() can expose sensitive information from the web application being tested (e.g., PII, session tokens, or internal configuration) to the agent's output context or the local filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:21 AM