Gen Agent Trust Hub audit: webapp-testing (skills/lv416e/dotfiles/webapp-testing)

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to execute the command string passed via the --server argument. This allows arbitrary shell command execution and is vulnerable to injection if the agent passes untrusted input through that argument.
  • [PROMPT_INJECTION]: SKILL.md contains instructions that discourage the agent from inspecting the script source code, which could be used to hide malicious logic or bypass safety checks.
  • [REMOTE_CODE_EXECUTION]: Indirect Prompt Injection Surface:
    1. Ingestion points: examples/console_logging.py (console messages), examples/element_discovery.py (DOM elements), and page.content() calls in SKILL.md.
    2. Boundary markers: No delimiters or instructions to ignore embedded commands are present.
    3. Capability inventory: scripts/with_server.py can execute arbitrary shell commands via subprocess, and Playwright can interact with local and remote network resources.
    4. Sanitization: No sanitization is performed on data scraped from web pages before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 10:36 PM