webapp-testing

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/with_server.py uses subprocess.Popen(cmd, shell=True) and subprocess.run(args.command) to execute commands provided via command-line arguments. This is intended to start local development servers (e.g., 'npm run dev') and run test scripts, but it allows for arbitrary command execution on the host machine.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it interacts with and captures data from external web applications.
      • Ingestion points: The scripts in assets/playwright-examples/ capture DOM elements using page.locator().all() and console logs using page.on('console', ...), which are then presented to the agent.
      • Boundary markers: There are no markers or instructions in the templates to help the agent distinguish between application data and instructions.
      • Capability inventory: The skill has the capability to execute arbitrary shell commands via the with_server.py helper script and write to the local filesystem.
      • Sanitization: No validation or sanitization is performed on the captured web content or console logs before they are processed by the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 07:13 AM
Security Audit — agent-trust-hub — webapp-testing