playwright-cli
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill is built entirely around a shell interface (
playwright-cli) that allows the agent to execute arbitrary commands, launch browser processes, and run tests vianpx playwright testas seen inSKILL.mdandreferences/playwright-tests.md. - [REMOTE_CODE_EXECUTION]: The
run-codecommand allows the agent to execute arbitrary JavaScript snippets within the browser context. Examples inreferences/running-code.mddemonstrate execution of logic that can interact with the DOM, modify browser permissions, and handle file downloads. - [CREDENTIALS_UNSAFE]: The skill provides commands to export and import full browser storage states, including cookies and session tokens, to local JSON files (
playwright-cli state-saveandstate-load). Whilereferences/storage-state.mdincludes warnings about committing these files to version control, the capability to harvest and store active session credentials locally is present. - [DATA_EXFILTRATION]: The skill includes extensive data collection capabilities, including
screenshot,pdfgeneration,tracing(capturing network bodies/headers), andconsolelog extraction. These tools can be used to capture and store sensitive information displayed on web pages or transmitted in API requests. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from web pages via
snapshotandevalcommands. This creates a surface where malicious content on a website could influence the agent's behavior. - Ingestion points:
snapshot,eval,network, andconsoleoutputs (various files). - Boundary markers: None explicitly defined to separate untrusted page content from agent instructions during script generation.
- Capability inventory: Full shell access, arbitrary JavaScript execution (
run-code), file writing (screenshot,state-save), and network interaction. - Sanitization: No explicit sanitization of DOM content before it is processed by the agent to generate further automation steps.
Audit Metadata