webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The utility scripts/with_server.py uses subprocess.Popen with shell=True to execute server start commands and subprocess.run for automation commands. This allows for arbitrary shell execution, which is dangerous if the agent's logic is influenced by untrusted external data.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Browser console logs via examples/console_logging.py and page element text via examples/element_discovery.py.
      • Boundary markers: Absent. The skill does not use delimiters to wrap extracted web content or provide instructions to ignore embedded commands.
      • Capability inventory: The ability to execute arbitrary shell commands via scripts/with_server.py provides a high-privilege downstream target for injection attacks.
      • Sanitization: Absent. Data from external web pages is processed and printed directly to the agent's context without validation or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:08 PM