webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/with_server.py uses subprocess.Popen(cmd, shell=True) to execute the string supplied via the --server argument. Because the whole string is handed to the system shell, any shell metacharacter it contains (;, |, &&, $(...), backticks) is interpreted as an operator rather than as data, so the pattern allows arbitrary command injection whenever the --server value is influenced by untrusted data or by indirect prompt injection.
  • Obfuscation (MEDIUM): The SKILL.md file contains explicit instructions to the agent: 'DO NOT read the source until you try running the script first' and 'They exist to be called directly as black-box scripts rather than ingested into your context window.' This pattern discourages the agent from auditing the underlying code, which contains the aforementioned shell=True security risk.
  • Indirect Prompt Injection Surface (LOW): The skill is designed to ingest and interact with web application content. This creates an attack surface where a malicious web page could provide instructions that, if followed by the agent to construct a testing command, would result in command execution on the host system via with_server.py.
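The two shell=True findings above amount to one pattern: a command string that reaches the shell intact. The following is an added example, not the project's own with_server.py, that puts the flagged launcher beside a hardened one. It assumes the --server value is an ordinary command line such as "python -m http.server 8000"; INJECTED_CMD is a constructed value with an appended command, and run_unsafe, parse_server_cmd, suspicious_tokens and run_safe are illustrative names rather than anything in the skill.

```python
import shlex
import subprocess
import sys
from typing import List

# Constructed --server value that carries an injected second command.
# Under shell=True the shell treats ';' as a command separator, so the
# trailing "echo INJECTED" runs as well; under shell=False it does not.
INJECTED_CMD = (
    f"{shlex.quote(sys.executable)} -c \"print('server up')\" ; echo INJECTED"
)

SHELL_OPERATORS = {";", "|", "||", "&", "&&", ">", ">>", "<"}


def run_unsafe(cmd: str, timeout: float = 30) -> str:
    """The flagged pattern: the whole string goes to /bin/sh -c, so every
    metacharacter in it is interpreted. Returns captured stdout."""
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True,
                          timeout=timeout)
    return proc.stdout


def parse_server_cmd(cmd: str) -> List[str]:
    """Split the --server string into an argv list with shlex. No shell is
    involved, so ';', '|' and friends survive only as literal arguments."""
    argv = shlex.split(cmd)
    if not argv:
        raise ValueError("empty --server command")
    return argv


def suspicious_tokens(argv: List[str]) -> List[str]:
    """Argv tokens that would have been operators had a shell parsed the
    string, or that carry command substitution. They are inert under
    shell=False, but their presence in a value that should be a plain
    command line is a strong injection signal worth rejecting or logging."""
    return [t for t in argv
            if t in SHELL_OPERATORS or t.endswith(";")
            or "$(" in t or "`" in t]


def run_safe(cmd: str, strict: bool = False, timeout: float = 30) -> str:
    """Hardened launcher: exec the parsed argv directly (shell=False).
    With strict=True, refuse commands that carry shell operators at all."""
    argv = parse_server_cmd(cmd)
    bad = suspicious_tokens(argv)
    if strict and bad:
        raise ValueError(f"shell operators in --server command: {bad}")
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=timeout)
    return proc.stdout


if __name__ == "__main__":
    # Same input, two launchers: only the shell=True path runs the injection.
    print("shell=True :", repr(run_unsafe(INJECTED_CMD)))
    print("shell=False:", repr(run_safe(INJECTED_CMD)))
```

With shell=False the injected tokens are passed to the server process as plain arguments (here Python's -c script simply ignores them), so the most a malicious --server value can do is make the intended program misbehave, not start a second one. The strict check is the extra layer a practitioner would want when the command can be assembled from page content: a legitimate server command has no reason to contain shell operators, so rejecting them costs nothing. Note that neither defence helps if the command itself invokes a shell (for example "sh -c ..."), which reintroduces the original problem one level down.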
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:13 PM