webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to execute commands passed as arguments, which provides a mechanism for arbitrary command execution on the host system.
  • [COMMAND_EXECUTION]: The skill encourages the agent to write and execute its own Python Playwright scripts, which constitutes dynamic code execution based on agent-generated logic.
  • [PROMPT_INJECTION]: The skill exposes a significant surface for indirect prompt injection because it processes untrusted data from web pages during testing.
      • Ingestion points: HTML content and DOM elements are ingested via page.content() and page.locator().all() in examples/element_discovery.py and SKILL.md.
      • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish application data from instructions.
      • Capability inventory: The agent can execute shell commands through the with_server.py utility and perform file system operations.
      • Sanitization: There is no evidence of sanitization or filtering applied to the web content before the agent analyzes it.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 1, 2026, 01:34 AM