Skills
skills/promptadvisers/claude-code-polished-documents-skills/webapp-testing/Gen Agent Trust Hub

webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/with_server.py uses subprocess.Popen(server['cmd'], shell=True) and subprocess.run(args.command).
  • This allows for arbitrary shell command execution passed via command-line arguments.
  • While intended for managing local dev servers (e.g., npm run dev), the shell=True parameter combined with Popen allows for command chaining and injection if the arguments are sourced from untrusted user input.
  • [DATA_EXFILTRATION] (LOW): The skill utilizes Playwright to capture screenshots and console logs, saving them to paths like /tmp/ and /mnt/user-data/outputs/.
  • While these are standard output paths for the environment, an attacker could potentially use the automation scripts to navigate to sensitive local URLs (e.g., cloud metadata services or internal admin panels) and capture sensitive data via screenshots.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process web content.
  • Ingestion points: The page.content() and page.locator() methods in SKILL.md and example scripts ingest HTML/JS content from potentially untrusted local or remote web servers.
  • Boundary markers: None detected in the provided scripts; the agent is instructed to read the DOM to identify selectors.
  • Capability inventory: The skill can execute shell commands (subprocess.run), write files (open().write()), and perform network requests (via Playwright).
  • Sanitization: There is no sanitization of the web content before it is parsed for selectors or printed to the console.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 05:22 PM