webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The utility script scripts/with_server.py uses subprocess.Popen(shell=True) and subprocess.run() to manage server processes and execute automation scripts. While this is the intended functionality for local development testing, it provides a powerful capability that could be misused if the agent is influenced by malicious input.
- [PROMPT_INJECTION]: The skill contains a significant surface area for indirect prompt injection.
  - Ingestion points: The agent is instructed to use Playwright to navigate to URLs, inspect rendered DOM content, and capture console logs (as seen in SKILL.md and examples/element_discovery.py).
  - Boundary markers: The skill documentation does not provide boundary markers or explicit instructions for the agent to ignore or isolate instructions found within the web pages it interacts with.
  - Capability inventory: The agent has the ability to generate and execute local Python scripts and shell commands through the with_server.py helper.
  - Sanitization: No sanitization or validation steps are included to verify that the content retrieved from web applications does not contain instructions that could subvert the agent's logic.
Audit Metadata