Skills
skills/acaprino/alfio-claude-plugins/playwright-skill/Gen Agent Trust Hub

playwright-skill

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses execSync in run.js to automate the installation of dependencies and browser binaries.
  • [EXTERNAL_DOWNLOADS]: Fetches the playwright library and the Chromium browser from official registries (NPM and Microsoft) during initialization.
  • [COMMAND_EXECUTION]: Implements a dynamic execution pattern where agent-generated JavaScript is written to temporary files and executed via require() to fulfill automation requests.
  • [PROMPT_INJECTION]: Identified an indirect prompt injection attack surface:
  • Ingestion points: Web content is ingested via page.goto() in SKILL.md and lib/helpers.js workflows.
  • Boundary markers: No specific delimiters or safety instructions are applied to separate external page content from agent instructions.
  • Capability inventory: The skill has broad capabilities including file system access, network operations, and full Node.js execution through run.js.
  • Sanitization: External web data is processed without sanitization or filtering logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 03:15 AM