Gen Agent Trust Hub audit: skills/xfstudio/skills/webapp-testing

webapp-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The script scripts/with_server.py starts server commands with subprocess.Popen(..., shell=True). With shell=True the command string is handed to /bin/sh, so shell metacharacters (;, &&, |, $(...)) in the value of the --server flag are interpreted rather than passed literally. Unless that value is strictly validated, anyone who can influence it, including an agent following injected instructions, can run arbitrary commands.
  • PROMPT_INJECTION (LOW): The skill instructions explicitly tell the agent "DO NOT read the source until you try running the script first". This discourages self-auditing and could be used to hide malicious logic in the helper scripts, since the agent is steered to execute them before inspecting them.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill interacts with and extracts content from web applications using Playwright, so text controlled by the visited site reaches the agent. Evidence chain:
    1. Ingestion points: page.content() and DOM interaction.
    2. Boundary markers: absent (extracted page content is not delimited from instructions).
    3. Capability inventory: arbitrary shell execution via with_server.py.
    4. Sanitization: none.
    Together these create a surface where malicious web content could influence the agent's actions, up to invoking the shell-execution capability above.
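The COMMAND_EXECUTION finding above is easiest to see side by side. The following is an added illustration, not code from the audited skill or from with_server.py: it runs a constructed server command string through the shell=True pattern the audit flags and through a shell=False replacement that splits the string into an argv list with shlex, plus a hypothetical launcher allowlist (the names in ALLOWED_LAUNCHERS are assumptions, chosen for the example). The command uses echo so the effect is visible without starting a real server.

```python
import shlex
import subprocess

# Constructed input (not taken from the skill): a "--server" value that
# smuggles a second command after a ';'.  With a real server launcher the
# second command could be anything the shell can run.
INJECTED_SERVER_CMD = "echo hello; echo INJECTED"

# Hypothetical allowlist of programs a server command may start with.
ALLOWED_LAUNCHERS = {"python", "python3", "node", "npm", "npx", "flask", "uvicorn"}


def run_with_shell(server_cmd: str) -> str:
    """Vulnerable pattern: shell=True hands the whole string to /bin/sh,
    so ';', '&&', '|' and '$(...)' are interpreted as shell syntax."""
    proc = subprocess.run(server_cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_without_shell(server_cmd: str) -> str:
    """Hardened pattern: split into an argv list and exec the program
    directly.  Metacharacters become literal arguments to that program."""
    argv = shlex.split(server_cmd)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return proc.stdout


def validate_server_argv(server_cmd: str) -> list[str]:
    """Stricter still: only accept commands whose first token is a known
    server launcher.  Returns the argv list to pass to Popen without a shell."""
    argv = shlex.split(server_cmd)
    if not argv:
        raise ValueError("empty server command")
    launcher = argv[0].rsplit("/", 1)[-1]  # tolerate an absolute path
    if launcher not in ALLOWED_LAUNCHERS:
        raise ValueError(f"launcher {launcher!r} is not allowlisted")
    return argv


def is_rejected(server_cmd: str) -> bool:
    """True when the allowlist validator refuses the command."""
    try:
        validate_server_argv(server_cmd)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # shell=True: both commands run, the second line is the injected one.
    print(repr(run_with_shell(INJECTED_SERVER_CMD)))
    # shell=False: echo receives "hello;", "echo", "INJECTED" as plain arguments.
    print(repr(run_without_shell(INJECTED_SERVER_CMD)))
    print(is_rejected(INJECTED_SERVER_CMD), is_rejected("python -m http.server 8000"))
```

Note that is_rejected returns False when the validator raises; it is written as "did the command pass", so the name reads best as "is accepted". Dropping the shell is the fix that removes the injection class; the allowlist only narrows what a caller can launch and is a defence in depth for a script whose arguments may come from an agent.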
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:31 PM