webapp-testing

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a helper script (scripts/with_server.py) that accepts and executes arbitrary shell commands provided via the --server flag. This is an intended feature for managing local development servers during the testing lifecycle. Notably, the instructions discourage the agent from reading the script's source code before execution to save context space, which reduces pre-execution auditing.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted content from web applications through methods like page.content() and log inspection. This represents a potential surface for indirect prompt injection where a malicious site could attempt to influence the agent's actions.
  • Ingestion points: Ingests HTML content via page.content() and captures console logs as described in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are provided in the instructions.
  • Capability inventory: The skill can execute shell commands via the server helper and perform file writes for screenshots.
  • Sanitization: No evidence of input sanitization or validation of the ingested web content is present.
  • [NO_CODE]: The analysis is performed on the SKILL.md file only. The actual implementation of scripts/with_server.py and the example scripts mentioned in the documentation were not provided for security verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 01:18 PM