Skills
skills/jayzeedesign/awesome-claude-skills/webapp-testing/Gen Agent Trust Hub

webapp-testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script scripts/with_server.py utilizes subprocess.Popen with shell=True to run commands passed through the --server argument. This configuration is highly susceptible to shell injection attacks, allowing for the execution of arbitrary system commands if the input is manipulated.\n- [PROMPT_INJECTION] (MEDIUM): The SKILL.md file contains a specific instruction: 'DO NOT read the source until you try running the script first'. This is an adversarial pattern intended to prevent the AI from auditing the code for security flaws before execution.\n- [INDIRECT_PROMPT_INJECTION] (LOW):\n
  • Ingestion points: The skill ingests untrusted data from web pages via page.content(), page.locator().all(), and browser console logs in examples/element_discovery.py and examples/console_logging.py.\n
  • Boundary markers: None. No delimiters or warnings are used to signal that the browser content may contain instructions.\n
  • Capability inventory: The skill can execute shell commands (with_server.py), write files (examples/static_html_automation.py), and has full network access via Playwright.\n
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web before the agent processes it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:49 PM