webapp-testing
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The utility script `scripts/with_server.py` executes arbitrary shell commands using `subprocess.Popen` with `shell=True`. This allows execution of commands provided via the `--server` argument, which can be exploited to run unauthorized shell commands if the inputs are not strictly controlled.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from external web content and browser logs.
  - Ingestion points: Browser console logs are captured in `examples/console_logging.py` (lines 15-22), and page element text is scraped in `examples/element_discovery.py` (lines 14-38).
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to disregard commands found in the ingested web content.
  - Capability inventory: The skill possesses the ability to execute shell commands (via `scripts/with_server.py`) and write files to the filesystem.
  - Sanitization: No validation or filtering is performed on the data retrieved from the browser before it is processed or logged.
Audit Metadata