Playwright Test Recorder
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill utilizes the official 'microsoft/playwright' browser automation framework, which is a widely recognized and trusted tool in the developer community.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because its core functionality involves ingesting and processing content from external, untrusted websites during scraping and testing operations.
  - Ingestion points: External web page content is loaded into the agent's context through Playwright's page actions and scraping capabilities.
  - Boundary markers: The instructions do not specify any explicit markers or delimiters to isolate untrusted web content from agent instructions.
  - Capability inventory: The skill has significant capabilities including browser automation, screenshot capture, and test execution via the Playwright test runner.
  - Sanitization: No specific sanitization, validation, or filtering of external web content is described in the skill metadata or body.
- [EXTERNAL_DOWNLOADS]: The skill provides standard installation instructions using 'npx' to fetch the skill from the vendor's repository ('agentskillexchange'). These are routine operations for adding capabilities to supported AI agents.
- [SAFE]: The documentation correctly identifies that sensitive information like credentials, service tokens, and connection strings should be managed via environment variables or workspace configuration, which is a security best practice for automation tooling.
- [SAFE]: The metadata includes a 'security_reviewed' tag. As per audit requirements, this self-claim is recorded as data but the security assessment is derived solely from the analyzer's independent evaluation of the skill's behavior and source code content.
Audit Metadata