webapp-testing
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script `scripts/with_server.py` uses `subprocess.Popen` with `shell=True` to execute server commands and `subprocess.run` to execute primary test commands. This allows for arbitrary command execution based on provided arguments. While intended for testing orchestration, this capability is a significant security risk if command strings are constructed from or influenced by untrusted external data.
- [PROMPT_INJECTION]: The skill provides browser automation examples (`examples/console_logging.py`, `examples/element_discovery.py`) that are vulnerable to indirect prompt injection.
  - Ingestion points: The scripts capture external data from web pages, including browser console logs and HTML element text, via Playwright.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided scripts or documentation.
  - Capability inventory: The skill possesses powerful capabilities including arbitrary shell command execution (via `scripts/with_server.py`) and local file system write access (via examples/scripts).
  - Sanitization: There is no evidence of sanitization or validation performed on the captured browser logs or page content before they are processed by the agent, allowing malicious instructions in web content to influence agent behavior.
Audit Metadata