webapp-testing

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes content from web applications that may be untrusted.
  • Ingestion points: The agent is instructed to read rendered DOM content and page source using page.content() and page.locator() in SKILL.md.
  • Boundary markers: Absent. The instructions do not include markers or warnings to ignore potential instructions embedded within the HTML of the site being tested.
  • Capability inventory: The agent can execute local shell commands via with_server.py and run dynamic Python scripts, creating a high-impact path if injection occurs.
  • Sanitization: Absent. The skill does not implement validation or escaping for the data retrieved from the browser before the agent uses it for decision-making.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands provided as arguments to helper scripts.
  • Evidence: The documentation for scripts/with_server.py demonstrates using the --server flag to execute commands such as npm run dev or python server.py.
  • [REMOTE_CODE_EXECUTION]: The skill workflow requires the agent to dynamically generate and execute local Python code.
  • Evidence: The skill instructions guide the agent to "write native Python Playwright scripts" and execute them using the local Python interpreter to perform automation tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 06:57 AM