webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script scripts/with_server.py utilizes subprocess.Popen with shell=True to run commands provided via the --server argument. This capability is used to support complex shell commands for server startup but could be abused if inputs are untrusted.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to visit and extract data from web pages.
  - Ingestion points: Data is ingested via page.content(), page.locator().all(), and screenshots, as demonstrated in examples/element_discovery.py and recommended in SKILL.md.
  - Boundary markers: The skill does not implement boundary markers or instructions to isolate web content from agent instructions.
  - Capability inventory: The skill can execute shell commands through scripts/with_server.py and write to the local filesystem, as seen in examples/console_logging.py.
  - Sanitization: Web content is not sanitized or validated before being presented to the agent for reconnaissance and action planning.
Audit Metadata