webapp-testing

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to execute arbitrary commands provided via the --server argument. This is intended to facilitate the lifecycle of local development servers but allows for general shell command execution within the environment.
  • [PROMPT_INJECTION]: The skill instructions and example scripts encourage the agent to inspect and interpret rendered DOM content (e.g., in SKILL.md and examples/element_discovery.py). This creates a surface for indirect prompt injection where malicious instructions embedded in a web page could influence the agent's actions.
  • Ingestion points: The agent ingests data from web pages using page.content(), page.locator().all(), and page.screenshot() as specified in SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters used to separate untrusted web content from the agent's core instruction set.
  • Capability inventory: The agent has the ability to write and execute Python scripts and run shell commands via the with_server.py utility.
  • Sanitization: No sanitization or filtering logic is present to validate or escape content retrieved from the browser before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:04 PM