webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/with_server.py utility uses subprocess.Popen with shell=True and subprocess.run to execute commands passed as command-line arguments. This provides an unconstrained execution primitive that could be exploited if arguments are influenced by untrusted external data.
  • [PROMPT_INJECTION] (LOW): SKILL.md contains an instruction for the agent to 'DO NOT read the source until you try running the script first', which is an attempt to limit the agent's visibility into the skill's implementation and potential security risks.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external web content (DOM and console logs) which could contain malicious instructions for the agent.
  • Ingestion points: examples/element_discovery.py (DOM inspection) and examples/console_logging.py (browser logs).
  • Boundary markers: None; web content is treated as trusted data without delimiters.
  • Capability inventory: Arbitrary shell command execution through scripts/with_server.py and browser-based filesystem/network access via Playwright.
  • Sanitization: No validation or sanitization of ingested content is performed before it is presented to the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 04:16 AM