webapp-testing
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script `scripts/with_server.py` uses `subprocess.Popen` with the `shell=True` parameter to launch local web servers. This allows it to execute complex shell commands provided via the `--server` argument, such as those including directory changes (`cd`) or multiple operations connected by `&&`. While intended for legitimate server management, this provides a powerful command execution interface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external sources.
  - Ingestion points: Data enters the agent context through `page.content()`, browser console logs, and element discovery methods (`page.locator`) within Playwright scripts.
  - Boundary markers: The instructions lack explicit delimiters or specific 'ignore embedded instructions' warnings for the agent when it is processing the HTML or console output of a web application.
  - Capability inventory: The skill possesses capabilities to write files (screenshots and log files) and execute shell commands through the `with_server.py` utility.
  - Sanitization: There is no logic provided to sanitize or filter the data retrieved from browser sessions before it is processed by the agent.
Audit Metadata