webapp-testing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script scripts/with_server.py uses subprocess.Popen(shell=True) to execute strings provided to the --server argument, enabling arbitrary shell command injection.
- [METADATA_POISONING] (MEDIUM): The SKILL.md file contains instructions telling the agent 'DO NOT read the source until you try running the script first' and to use them as 'black boxes', which is a deceptive tactic to prevent security auditing of the shell execution vulnerability.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: page.goto() and page.content() in examples/element_discovery.py and examples/console_logging.py.
  2. Boundary markers: Absent.
  3. Capability inventory: Arbitrary shell execution and command execution via scripts/with_server.py.
  4. Sanitization: No validation or sanitization of retrieved web content.
- [EXTERNAL_DOWNLOADS] (LOW): Playwright is used to connect to and download data from arbitrary external network locations.
Recommendations
- AI detected serious security threats
Audit Metadata