webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/with_server.py uses subprocess.Popen(..., shell=True) to execute the string provided via the --server argument. This pattern is susceptible to shell injection if the agent interpolates untrusted user input into the command string.
  • [PROMPT_INJECTION] (LOW): SKILL.md contains instructions (e.g., 'DO NOT read the source until you try running the script first') that discourage the agent from performing security audits or understanding the logic of the scripts it executes, which could be leveraged to hide malicious behavior.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a high-risk capability/ingestion chain.
      ◦ Ingestion points: examples/element_discovery.py reads inner_text() from web elements; examples/console_logging.py captures arbitrary browser console logs.
      ◦ Boundary markers: None. The script output is printed directly into the agent's context.
      ◦ Capability inventory: The skill allows arbitrary shell command execution via scripts/with_server.py and browser interactions (click, fill) via Playwright.
      ◦ Sanitization: None. Data from external web pages is processed as raw text.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:01 PM