webapp-testing
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The utility script scripts/with_server.py utilizes subprocess.Popen with shell=True to run commands passed via the --server flag. This facilitates starting local servers but allows for arbitrary shell command execution if the command strings are influenced by untrusted data.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill is designed to have the AI agent author and execute native Python scripts using the Playwright library. This workflow grants the agent broad execution capabilities on the host system.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from external web pages.
- Ingestion points: Web content is retrieved via Playwright methods such as page.content() and page.locator().inner_text() in examples/element_discovery.py.
- Boundary markers: No specific delimiters or safety warnings are implemented to distinguish between instructions and data when processing page content.
- Capability inventory: The agent can execute shell commands via scripts/with_server.py and perform file system operations (writing logs/screenshots).
- Sanitization: There is no evidence of sanitization or filtering of the content scraped from web pages before it is processed by the agent.
Audit Metadata