webapp-testing
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/with_server.pyis designed to execute arbitrary shell commands provided via arguments to start local development servers and run automation tasks. It utilizessubprocess.Popenwithshell=Trueandsubprocess.runto facilitate these operations, which is the primary intended functionality of the toolkit. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing untrusted data from the web applications being tested.
- Ingestion points: Browser console logs are captured in
examples/console_logging.pyusingpage.on("console", ...), and DOM content is read inexamples/element_discovery.pyusingpage.locator(...).all()andinner_text(). - Boundary markers: Absent. The instructions and scripts do not provide delimiters or instructions to the agent to ignore potentially malicious commands embedded in the captured web content.
- Capability inventory: The skill possesses the capability to execute shell commands through the
scripts/with_server.pyutility. - Sanitization: Absent. The captured web content and console logs are processed and stored in the output directory without validation or filtering for adversarial instructions.
Audit Metadata