Gen Agent Trust Hub audit: skills/ttmouse/skills/webapp-testing

webapp-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
    Ingestion points: Data is ingested via page.content(), page.screenshot(), and console log capture in examples/console_logging.py and examples/element_discovery.py.
    Boundary markers: There are no instructions to the agent to treat page content as untrusted or to ignore instructions embedded in the DOM.
    Capability inventory: The skill uses scripts/with_server.py, which executes arbitrary shell commands via subprocess.Popen(shell=True).
    Sanitization: None.
  • [COMMAND_EXECUTION] (HIGH): The helper script scripts/with_server.py uses subprocess.Popen(..., shell=True) to execute server commands. This provides a direct path for shell injection if the command strings are influenced by untrusted user or web input.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): In SKILL.md, the instruction 'DO NOT read the source until you try running the script first' encourages the agent to execute code without verification, which is a significant security anti-pattern.
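As an added illustration of the COMMAND_EXECUTION finding (this is example code, not code from the audited skill's scripts/with_server.py or from Gen Agent Trust Hub), the block below shows the flagged pattern and its hardened form side by side. The function names, the stand-in "server" (a one-line Python program that prints its first argument) and the untrusted value are all hypothetical; the value is constructed to look like a port number an agent might copy out of scraped page content into a server command.

```python
"""shell=True injection versus an argv list, plus an allow-list check.

Added example for the COMMAND_EXECUTION finding; not code from the audited
skill. The "server" here is a stand-in that prints argv[1], so the output
shows exactly what reached the child process.
"""
import shlex
import subprocess
import sys

# Constructed, hypothetical input: looks like a port, carries a shell command.
UNTRUSTED_PAGE_VALUE = "8000; echo INJECTED"

# Stand-in for the real server program: print whatever arrives as argv[1].
_ECHO_ARGV1 = "import sys; print(sys.argv[1])"


def _run(args, shell: bool) -> str:
    """Run a command and return merged stdout/stderr as text."""
    proc = subprocess.Popen(args, shell=shell, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True)
    out, _ = proc.communicate(timeout=30)
    return out


def start_server_shell_true(value: str) -> str:
    """The flagged pattern: one command string handed to /bin/sh.

    The trusted parts are quoted, but `value` is spliced in raw, so the
    ';' inside it ends the server command and starts a second one.
    """
    cmd = (f"{shlex.quote(sys.executable)} -c {shlex.quote(_ECHO_ARGV1)} "
           f"{value}")
    return _run(cmd, shell=True)


def start_server_argv(value: str) -> str:
    """Hardened form: argv list with shell=False.

    `value` becomes a single argv element; ';', '|', '$(...)' are literal
    characters to the child and are never interpreted by a shell.
    """
    return _run([sys.executable, "-c", _ECHO_ARGV1, value], shell=False)


def is_tcp_port(value: str) -> bool:
    """Allow-list check to apply before any page-derived value reaches a
    command: ASCII digits only, within TCP port range."""
    return value.isdigit() and 1 <= int(value) <= 65535


if __name__ == "__main__":
    print("shell=True :", repr(start_server_shell_true(UNTRUSTED_PAGE_VALUE)))
    print("argv list  :", repr(start_server_argv(UNTRUSTED_PAGE_VALUE)))
    print("is_tcp_port:", is_tcp_port(UNTRUSTED_PAGE_VALUE))
```

With the constructed value, the shell=True variant prints "8000" from the stand-in server and then "INJECTED" from the smuggled second command, while the argv variant prints the whole string back unchanged because nothing parsed it as shell syntax. The argv list is the fix the finding calls for; the allow-list check is the additional layer a practitioner would add at the point where page content is first turned into a command argument.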
Recommendations
  • AI detected serious security threats. The findings above point to three concrete fixes: in scripts/with_server.py, pass the server command as an argv list with shell=False (or shlex.quote any argument that must reach a shell) so values influenced by page content cannot inject shell syntax; in SKILL.md, instruct the agent to treat page.content(), page.screenshot() output and captured console logs as untrusted data and to ignore any instructions found in them; and replace the 'DO NOT read the source until you try running the script first' instruction with its reverse, so the agent reviews a script before executing it.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:03 PM