webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py is designed to execute arbitrary shell commands. It uses subprocess.Popen with shell=True to run server commands provided via the --server argument and subprocess.run to execute the main command. This functionality allows for unrestricted command execution on the host system.
  • [PROMPT_INJECTION]: The skill facilitates the processing of untrusted data from web pages and browser console logs through Playwright in examples/element_discovery.py and examples/console_logging.py. This creates an indirect prompt injection surface where malicious instructions embedded in a web application could influence the agent's behavior, especially given its access to shell execution tools.
  • Ingestion points: page.content(), page.locator().all(), and console event listeners.
  • Boundary markers: None present to separate web data from agent instructions.
  • Capability inventory: Arbitrary shell execution via scripts/with_server.py and file system writes in examples/ scripts.
  • Sanitization: No sanitization or validation is performed on data retrieved from the browser context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 04:43 PM