playwright-mcp
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing browser engines via the official Playwright MCP package on npm. This is a download from a well-known and trusted technology service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when interacting with external websites.
- Ingestion points: The agent reads content from arbitrary URLs via browser_navigate as seen in SKILL.md.
- Boundary markers: There are no instructions to delineate or ignore potential malicious commands within the web content.
- Capability inventory: The skill provides access to powerful tools like browser_fill_form and browser_run_code_unsafe (listed in references/tool-inventory.md).
- Sanitization: The skill lacks mechanisms to sanitize or validate external content before the agent acts on it.
Audit Metadata