webapp-testing

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen with shell=True to execute commands passed directly from the --server command-line argument. This allows for arbitrary shell command injection if untrusted or unvalidated input is provided to the script.
  • [PROMPT_INJECTION]: The documentation in SKILL.md contains instructions that explicitly direct the agent to avoid reading the source code of the scripts provided with the skill ("DO NOT read the source until you try running the script first"). This is a deceptive tactic designed to bypass the agent's security review process and prevent it from discovering the dangerous implementation details in the helper scripts.
  • [DATA_EXPOSURE]: The skill facilitates capturing browser screenshots and console logs from local web applications. This capability could be used to exfiltrate sensitive data or credentials displayed on internal testing sites if the agent is directed to targets containing private information.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 06:51 AM