webapp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess execution to manage local development servers for testing dynamic applications.
- Evidence: The
SKILL.mdfile provides code examples usingsubprocess.Popento execute commands likenpm run dev. - Context: The skill enforces strict security rules, specifically the 'Iron Law' of using
shell=Falseand array arguments to mitigate command injection risks. - [PROMPT_INJECTION]: The skill's primary function involves processing external data from web pages, creating a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through page content inspection, title reading, and browser console log capture as described in
SKILL.md. - Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the content retrieved from the browser.
- Capability inventory: The agent possesses the
Bash,Write, and Playwright automation capabilities, which could be misused if the agent inadvertently follows instructions embedded in a tested web page. - Sanitization: There is no evidence of sanitization or filtering of the extracted DOM content or console logs before the agent processes them.
Audit Metadata