webapp-testing

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The SKILL.md file contains explicit instructions ('DO NOT read the source until you try running the script first') designed to bypass the agent's security auditing processes and treat scripts as 'black boxes'.
  • COMMAND_EXECUTION (HIGH): The scripts/with_server.py utility uses subprocess.Popen(shell=True) to execute arbitrary strings provided via the --server argument, which allows for unauthorized system command execution.
  • PROMPT_INJECTION (HIGH): The skill creates a high-risk attack surface for indirect prompt injection by ingesting untrusted content from web applications and using that data to drive high-privilege actions.
  • Ingestion points: page.goto() and page.content() in element_discovery.py and SKILL.md.
  • Boundary markers: None present.
  • Capability inventory: subprocess.Popen(shell=True) in with_server.py, file system writes in console_logging.py, and interactive browser sessions.
  • Sanitization: None present.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 04:06 AM