webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/with_server.py uses subprocess.Popen with shell=True to execute commands passed via the --server argument. This allows for arbitrary shell command execution on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external web pages and browser console logs.
    • Ingestion points: The skill explicitly instructs reading page content via page.content() (in SKILL.md) and capturing console messages (in examples/console_logging.py).
    • Boundary markers: No delimiters or instructions are used to distinguish untrusted web content from the agent's internal instructions.
    • Capability inventory: The skill environment provides access to shell execution via subprocess.run and subprocess.Popen in the provided scripts.
    • Sanitization: There is no evidence of sanitization, escaping, or filtering of the fetched content or logs before they are handled by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 01:38 AM