webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The utility script scripts/with_server.py uses subprocess.Popen(..., shell=True) to execute strings provided via the --server argument. This design allows for arbitrary shell command execution if the input is influenced by a malicious actor or malicious instruction.
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface detected. The skill processes external web content and has the ability to execute shell commands and browser interactions based on interpreted data.
      - Ingestion points: Browser console logs (examples/console_logging.py) and DOM content (examples/element_discovery.py and SKILL.md) are read into the agent context.
      - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in scraped data.
      - Capability inventory: Shell execution via scripts/with_server.py and full browser automation capabilities via Playwright.
      - Sanitization: None; data from web pages is processed without validation or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:19 PM