Skills
skills/intelli-train-ai/cc-skills/webapp-testing/Gen Agent Trust Hub

webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The utility script scripts/with_server.py uses subprocess.Popen with shell=True to run commands passed as arguments, enabling arbitrary command execution.
  • [PROMPT_INJECTION]: SKILL.md contains a directive for the agent to skip reading the source code of helper scripts, which could prevent the agent from identifying malicious behavior in those files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during web reconnaissance. Ingestion points: Browser console logs and page content are read into the agent's context. Boundary markers: None provided to separate untrusted web data from instructions. Capability inventory: Includes shell command execution and file writing. Sanitization: No filtering is performed on ingested web data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 04:54 PM