webapp-testing
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Command Execution] (HIGH): The script 'scripts/with_server.py' uses 'subprocess.Popen(shell=True)' to run the command supplied via the '--server' flag and 'subprocess.run()' to run the trailing arguments. Because the '--server' string is interpreted by the shell, any shell metacharacters it contains are executed, which allows arbitrary command execution within the host environment.
- [Prompt Injection] (MEDIUM): The 'SKILL.md' file contains instructions such as 'DO NOT read the source until you try running the script first' and 'exist to be called directly as black-box scripts'. This pattern is suspicious because it discourages the agent from auditing code before executing it.
- [Indirect Prompt Injection] (LOW): The skill exposes an attack surface for instructions embedded in the web data it processes.
  1. Ingestion points: 'examples/element_discovery.py' reads page content via 'page.content()' and 'page.locator().all()'.
  2. Boundary markers: absent; fetched content is not delimited from trusted instructions.
  3. Capability inventory: subprocess calls in 'scripts/with_server.py' and file writes in the example scripts.
  4. Sanitization: absent.
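The following is an added example, not code from the webapp-testing skill or from 'scripts/with_server.py'. It reproduces the 'subprocess.Popen(shell=True)' pattern flagged above on a constructed '--server' value that carries a trailing shell payload, and places a hardened form beside it: tokenize with 'shlex.split' and run with 'shell=False', then check the first token against an allowlist. The allowlist of server binaries is a hypothetical policy, the exact argument handling of the real script is not reproduced, and the run assumes a POSIX '/bin/sh' with an 'echo' binary on PATH.

```python
"""Added example (not the skill's own code): shell=True versus argv execution.
Assumptions: POSIX /bin/sh, 'echo' on PATH, hypothetical allowlist of server binaries."""
import os
import shlex
import subprocess

# Constructed --server value: a harmless "server" command with a shell payload appended.
POISONED_SERVER_CMD = "echo started; echo INJECTED"

# Hypothetical allowlist of binaries a --server command may start (not from the project).
ALLOWED_SERVER_BINARIES = {"python", "python3", "node", "npm"}


def run_via_shell(server_cmd: str) -> list[str]:
    """The flagged pattern: the whole string is handed to /bin/sh, so ';', '|', '&&'
    and '$(...)' are interpreted. The appended 'echo INJECTED' runs as a second command."""
    proc = subprocess.Popen(server_cmd, shell=True, stdout=subprocess.PIPE, text=True)
    out, _ = proc.communicate(timeout=10)
    return out.splitlines()


def run_as_argv(server_cmd: str) -> list[str]:
    """Hardened form: tokenize with shlex and run with shell=False. The same ';' is now a
    literal character inside an argument to 'echo', so nothing after it is executed."""
    argv = shlex.split(server_cmd)
    proc = subprocess.run(argv, stdout=subprocess.PIPE, text=True, timeout=10, check=False)
    return proc.stdout.splitlines()


def is_allowed_server_argv(argv: list[str]) -> bool:
    """Defence in depth: only start binaries on the allowlist, compared by basename so
    '/usr/bin/python3' and 'python3' are treated alike. Empty argv is rejected."""
    return bool(argv) and os.path.basename(argv[0]) in ALLOWED_SERVER_BINARIES


if __name__ == "__main__":
    print("shell=True :", run_via_shell(POISONED_SERVER_CMD))   # two commands ran
    print("shell=False:", run_as_argv(POISONED_SERVER_CMD))     # one command, literal ';'
    print("allowlisted:", is_allowed_server_argv(shlex.split(POISONED_SERVER_CMD)))
```

With the constructed value, the shell path returns two output lines because two commands ran, while the argv path returns a single line containing the literal text 'started; echo INJECTED'. Note that 'shell=False' alone still lets a caller start any binary on the system, which is why the allowlist check is applied to 'argv[0]' before execution.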
Recommendations
- The automated review detected serious security threats (see Full Analysis).
Audit Metadata