webapp-testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script scripts/with_server.py uses subprocess.Popen with shell=True to execute server commands provided via the --server argument. This allows for arbitrary shell command execution with the privileges of the agent process.
- DYNAMIC_EXECUTION (MEDIUM): The skill's primary workflow involves the AI agent writing and executing 'native Python Playwright scripts' at runtime. While necessary for the skill's purpose, this represents a capability for arbitrary code execution.
- INDIRECT_PROMPT_INJECTION (LOW): The skill instructs the agent to ingest untrusted data (DOM content, console logs) from web applications to identify selectors and determine its next actions. This creates a vulnerability where a malicious web page could influence the agent's behavior.
- Ingestion points: page.content(), page.locator().all(), and console logs captured in examples/console_logging.py.
- Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore instructions found within the web page content.
- Capability inventory: Arbitrary shell execution via scripts/with_server.py and arbitrary Python execution through script generation.
- Sanitization: None. The agent is encouraged to use discovered content directly to formulate scripts and commands.
Audit Metadata