webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/with_server.py uses subprocess.Popen with shell=True to execute strings passed to the --server argument. This allows for arbitrary shell command execution, which is a high-risk pattern if the agent is influenced to run malicious strings.
  • [PROMPT_INJECTION] (LOW): The skill is highly susceptible to Indirect Prompt Injection. It is designed to navigate to web applications and extract information from the rendered DOM (element_discovery.py) and console logs (console_logging.py). An attacker-controlled web page could include instructions in HTML or console messages designed to trick the agent into executing unintended actions.
    1. Ingestion points: page.content() and page.on('console', ...) in example scripts.
    2. Boundary markers: Absent.
    3. Capability inventory: Shell execution via with_server.py and full browser control via Playwright.
    4. Sanitization: None.
  • [PROMPT_INJECTION] (LOW): The SKILL.md file contains instructions that discourage the agent from inspecting the source code of its own scripts ("DO NOT read the source until you try running the script first"). While justified as a context management technique, this behavior hinders the agent's ability to verify the safety of the tools it executes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 23, 2026, 05:28 AM