webapp-testing
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/with_server.py` uses `subprocess.Popen` with `shell=True` to execute commands provided via the `--server` argument. This allows for the execution of arbitrary shell commands, including those with command chaining (e.g., `&&`, `;`, `|`).
- [COMMAND_EXECUTION]: The `scripts/with_server.py` script also executes a user-provided command after starting the servers using `subprocess.run(args.command)`, which can lead to arbitrary code execution if the command list is manipulated.