webapp-testing

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that discourage the agent from reviewing source code before execution, which conflicts with standard safety protocols for verifying code behavior.
      • Evidence: SKILL.md includes the instruction: "DO NOT read the source until you try running the script first... They exist to be called directly as black-box scripts rather than ingested into your context window."
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes content from local web applications, which could contain malicious instructions.
      • Ingestion points: SKILL.md and examples/element_discovery.py use functions such as page.content(), button.inner_text(), and link.inner_text() to read data from the DOM.
      • Boundary markers: No boundary markers or delimiters are defined to separate untrusted web content from the agent's instructions.
      • Capability inventory: The skill has command execution capabilities through scripts/with_server.py, which uses the subprocess module.
      • Sanitization: No sanitization or filtering logic is present to validate content retrieved from the browser before the agent processes it.
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands to manage development servers and run Python automation scripts.
      • Evidence: scripts/with_server.py uses subprocess.Popen(..., shell=True) to launch server commands and subprocess.run() to execute the main automation task.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 10:51 AM