playwright
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto fetch and run the@playwright/clipackage from the official NPM registry, ensuring the tool is available even if not installed globally. - [COMMAND_EXECUTION]: Provides a shell wrapper script
scripts/playwright_cli.shthat mediates interaction between the agent and the Playwright CLI tool. - [REMOTE_CODE_EXECUTION]: Supports browser-level code execution via
evalandrun-codecommands, allowing the agent to run arbitrary JavaScript within the target website's context for tasks like data extraction or complex interactions. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from the web.
- Ingestion points: The agent ingests external data through browser snapshots and DOM evaluations performed via
pwcli open,pwcli snapshot, andpwcli evalinSKILL.mdandreferences/cli.md. - Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore instructions embedded within the processed web content.
- Capability inventory: The agent possesses extensive capabilities to interact with the environment, including filling forms, clicking elements, and executing JavaScript code based on its interpretation of the page content.
- Sanitization: No evidence of sanitization or filtering of the HTML/DOM content is present before the data is analyzed by the agent.
Audit Metadata