
webapp-testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script scripts/with_server.py uses subprocess.Popen with shell=True to start servers and subprocess.run to execute automation commands. These commands are constructed from command-line arguments that can be influenced by the agent. Evidence: subprocess.Popen(server['cmd'], shell=True) and subprocess.run(args.command) in scripts/with_server.py.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill is designed around the agent generating and executing dynamic Python code via Playwright to interact with web applications. Evidence: Procedural instructions in SKILL.md and multiple files in the examples/ directory.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted content from web applications (HTML content and console logs) and includes it in the agent's context without sanitization or boundary markers. Ingestion points: page.content() and page.on('console', ...) in example scripts.
  • [COMMAND_EXECUTION] (MEDIUM): SKILL.md contains a deceptive instruction telling the agent 'DO NOT read the source until you try running the script first'. This discourages the agent from noticing the unsafe use of shell=True in the helper scripts before executing them.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:29 PM