webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a helper script scripts/with_server.py that executes arbitrary shell commands provided as arguments for server management.
- [COMMAND_EXECUTION]: Instructions guide the agent to dynamically create and execute Python automation scripts, representing a potential arbitrary code execution path.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted web application data.
  - Ingestion points: Untrusted web content is ingested via page.content() and DOM inspection methods like page.locator().all() as described in SKILL.md.
  - Boundary markers: No explicit markers or instructions are provided to delimit or ignore instructions found within the processed HTML content.
  - Capability inventory: The agent has the capability to execute shell commands via helper scripts and run local Python code.
  - Sanitization: No sanitization or validation of the retrieved web content is performed before it is used to influence the agent's decision-making logic.
Audit Metadata