webapp-testing

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py is designed to execute arbitrary shell commands provided via arguments to start local development servers and run automation tasks. It utilizes subprocess.Popen with shell=True and subprocess.run to facilitate these operations, which is the primary intended functionality of the toolkit.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted data from the web applications being tested.
  • Ingestion points: Browser console logs are captured in examples/console_logging.py using page.on("console", ...), and DOM content is read in examples/element_discovery.py using page.locator(...).all() and inner_text().
  • Boundary markers: Absent. The instructions and scripts do not provide delimiters or instructions to the agent to ignore potentially malicious commands embedded in the captured web content.
  • Capability inventory: The skill possesses the capability to execute shell commands through the scripts/with_server.py utility.
  • Sanitization: Absent. The captured web content and console logs are processed and stored in the output directory without validation or filtering for adversarial instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — webapp-testing