webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute arbitrary shell commands (e.g., 'npm run dev', 'python server.py') provided as arguments to the 'scripts/with_server.py' utility to manage application servers.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it directs the agent to ingest and interpret HTML and DOM content from web applications being tested.
  1. Ingestion points: The agent reads content via 'page.content()', 'page.locator().all()', and direct reading of local HTML files.
  2. Boundary markers: There are no instructions to use delimiters or to ignore embedded instructions within the ingested content.
  3. Capability inventory: The agent has the capability to execute shell commands and write to the filesystem (e.g., '/tmp/inspect.png').
  4. Sanitization: No sanitization or validation of the ingested web content is performed before the agent processes it.
- [NO_CODE]: The skill's primary logic resides in external scripts such as 'scripts/with_server.py' and various examples (e.g., 'element_discovery.py') which are referenced in the documentation but not included in the skill package for verification.
Audit Metadata