webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script 'scripts/with_server.py' uses subprocess.Popen with shell=True to launch servers from user-provided command strings. This is a high-risk pattern that allows command injection if the command string is influenced by untrusted external data.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection via its core web inspection logic.
    1. Ingestion points: page.goto() and page.content() in examples/element_discovery.py.
    2. Boundary markers: Absent; there are no instructions telling the agent to disregard directives embedded in page content.
    3. Capability inventory: Arbitrary command execution via with_server.py and file system writes for screenshots.
    4. Sanitization: Absent; the agent is instructed to identify actions directly from the rendered DOM.
    Furthermore, SKILL.md contains an instruction ('DO NOT read the source until you try running the script first') that discourages code review, which could hide malicious behavior in the script files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 04:23 PM