webapp-testing

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/with_server.py uses subprocess.Popen with shell=True to execute server commands provided via the --server argument. This allows for the execution of arbitrary shell logic, including command chaining.
  • [COMMAND_EXECUTION]: The same script executes the main automation command using subprocess.run. While this does not use a shell, the arguments are dynamically provided by the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      • Ingestion points: The agent ingests data from external web pages and console logs in examples/element_discovery.py and examples/console_logging.py.
      • Boundary markers: No explicit markers or instructions are provided to the agent to ignore or isolate instructions found within the scraped data.
      • Capability inventory: The skill provides a mechanism for shell command execution through the scripts/with_server.py script.
      • Sanitization: No sanitization or validation is performed on the content retrieved from web pages before it is used by the agent to determine subsequent steps.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 02:59 AM