webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use 'run_command' and 'run_persistent_command' to start development servers. This allows for the execution of arbitrary shell commands on the host environment.
  • [REMOTE_CODE_EXECUTION]: The 'browser_action' tool includes an 'evaluate' action which enables the execution of arbitrary JavaScript code within the browser context. This can be used to manipulate page state or access internal browser data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when it tests untrusted external applications.
  • Ingestion points: External content enters the agent's context through 'get_content', 'get_elements', and 'screenshot' actions performed on target URLs.
  • Boundary markers: The instructions do not define delimiters or provide warnings to the agent to disregard instructions found within the HTML or text of the application under test.
  • Capability inventory: The agent possesses significant capabilities, including local shell access ('run_command') and client-side code execution ('evaluate').
  • Sanitization: The skill does not implement any validation or sanitization for data retrieved from web pages before processing it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 08:49 AM