using-webctl
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION] (MEDIUM): The
setup_webctl.pyscript performs a 'hot-patch' on the installedwebctllibrary. It copiesauth_proxy.pyinto the library's internal directory and programmatically modifiessession_manager.pyto import and execute the new module. Modifying library code at runtime is a sensitive operation that can introduce stability or security risks if the source is untrusted. - [COMMAND_EXECUTION] (LOW): The skill utilizes
subprocess.run(shell=True)withinsetup_webctl.pyto automate the installation and configuration of the environment. This includes runningpip installand thewebctlCLI. This is consistent with the skill's stated purpose of setting up a browser automation environment. - [EXTERNAL_DOWNLOADS] (LOW): The setup process involves downloading the
webctlpackage from PyPI and subsequently usingwebctl setupto download the Chromium browser binary. These are standard external dependencies for this functional use case. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides the ability to browse and extract content from arbitrary websites via
webctl snapshotandwebctl query. This creates an attack surface where malicious web content could attempt to influence the agent's logic. - Ingestion points:
webctl snapshottext output andwebctl queryresults processed by the agent. - Boundary markers: None explicitly implemented within the skill's Python scripts; relies on the agent's internal handling.
- Capability inventory: Includes file system write access (patching), network access (browsing), and command execution capabilities.
- Sanitization: No explicit sanitization or filtering of web content is performed by the scripts before passing data to the agent.
Audit Metadata