WebAssessment
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
WebappScripts/with_server.pyusessubprocess.Popenwithshell=Trueto execute arbitrary shell commands provided by the user to start local development servers. - [DATA_EXFILTRATION]: The
VulnerabilityAnalysisGemini3.mdworkflow instructs the agent to aggregate and send consolidated security scan findings (which may include IP addresses, endpoints, and technology stack details) to external LLM APIs for automated analysis. - [PROMPT_INJECTION]: The
VulnerabilityAnalysisGemini3.mdworkflow establishes an attack surface for indirect prompt injection by ingesting untrusted data from multiple security scanners directly into LLM prompts for reasoning tasks. - [EXTERNAL_DOWNLOADS]: The
BugBountyToolfetches bug bounty program metadata and commit history from the well-knownarkadiyt/bounty-targets-datarepository on GitHub. - [COMMAND_EXECUTION]: Multiple OSINT and reconnaissance workflows (e.g.,
Automation.md) recommend the use of automated scanning pipelines and persistence mechanisms likecronfor continuous monitoring.
Audit Metadata