webapp-testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The helper script scripts/with_server.py is designed to take shell commands as arguments (e.g., via the --server flag) and execute them. This provides a direct path for arbitrary command execution if the agent is manipulated into passing malicious strings. Evidence: Examples show usage like 'python scripts/with_server.py --server "cd backend && python server.py"'.
- PROMPT_INJECTION (MEDIUM): The skill contains instructions that discourage the agent from inspecting its own tools, specifically: 'DO NOT read the source until you try running the script first' and 'Use bundled scripts as black boxes'. This is a deceptive pattern that prevents the agent from performing security self-audits.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill ingests untrusted data from web pages and uses it to drive subsequent actions.
  1. Ingestion points: Web pages loaded via page.goto() and analyzed via page.content().
  2. Boundary markers: Absent.
  3. Capability inventory: with_server.py (shell execution), playwright (browser control), file writing via screenshots.
  4. Sanitization: Absent; the agent is encouraged to use discovered selectors directly.
Audit Metadata