Playwright Network Interceptor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation instructions use
npxto fetch and execute a skill manager from a remote registry to install the tool components. - [COMMAND_EXECUTION]: The installation process requires the execution of shell commands (
npx skills add) to integrate the tool into the agent's environment. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external websites via Playwright's network interception (API responses, WebSocket frames, and HAR files). This creates a vulnerability to indirect prompt injection if the agent processes this data as instructions without proper sanitization.
- Ingestion points: Intercepted network traffic, API responses, and real-time WebSocket streams.
- Boundary markers: None specified in the documentation to distinguish between data and instructions.
- Capability inventory: The skill utilizes Playwright, which has capabilities for file system access (recording HAR files) and network operations (request modification, proxying).
- Sanitization: No sanitization or validation of the intercepted content is described.
Audit Metadata