moai-playwright-webapp-testing
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The utility script scripts/with_server.py utilizes subprocess.Popen with shell=True to launch server processes. This pattern is susceptible to shell injection vulnerabilities if command strings are constructed from untrusted or unvalidated input.
- [COMMAND_EXECUTION]: The skill is configured to use the Bash tool, which grants the agent broad command-line access to the host environment. While required for the intended purpose of test orchestration, it increases the overall attack surface.
- [DYNAMIC_EXECUTION]: The file examples/ai-powered-testing.py contains logic to dynamically generate Python source code from templates. The runtime creation of executable code is a sensitive capability that could be abused if the templates incorporate untrusted data.
- [DATA_EXPOSURE]: The skill performs file system operations, including writing logs and screenshots to /mnt/user-data/outputs/ and /tmp/, which exposes internal diagnostic information.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core functionality involves fetching and analyzing content from external web applications.
  - Ingestion points: Untrusted data enters the agent context via WebFetch and Playwright navigation to user-provided URLs in AITestPatternRecognizer and EnterpriseTestOrchestrator.
  - Boundary markers: The skill does not implement explicit boundary markers or instructions to prevent the agent from interpreting text found on web pages as commands.
  - Capability inventory: The agent possesses powerful capabilities, including the Bash tool for shell execution and the Write and Edit tools for file modification.
  - Sanitization: Content retrieved from external web pages is not sanitized or filtered before being used to inform test generation strategies or reports.
Audit Metadata