webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file explicitly instructs the agent to "DO NOT read the source until you try running the script first", which is a deceptive pattern aimed at discouraging security verification of the skill's code.
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to run commands provided as arguments, creating a risk of command injection if the inputs are not strictly controlled.
  • [PROMPT_INJECTION]: The skill processes untrusted web data, making it vulnerable to indirect prompt injection. Evidence: (1) Ingestion points: examples/element_discovery.py and examples/console_logging.py read DOM and console content. (2) Boundary markers: None present. (3) Capability inventory: Shell command execution and filesystem write access. (4) Sanitization: None performed on web data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 11:40 AM