playwright
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto dynamically download and run the@playwright/clipackage from the official NPM registry at execution time, as defined inscripts/playwright_cli.sh. - [COMMAND_EXECUTION]: The skill includes a shell wrapper script (
scripts/playwright_cli.sh) designed to execute Playwright CLI commands, which includes capabilities for browser interaction and executing arbitrary JavaScript within a browser context. - [PROMPT_INJECTION]: The skill's primary purpose is to interact with and extract data from external websites, creating a surface for indirect prompt injection where malicious instructions on a webpage could influence the agent's behavior.
- Ingestion points: The skill frequently extracts page content using
snapshot,eval, andtextContent(e.g., inSKILL.mdandreferences/workflows.md). - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat extracted web content as untrusted data.
- Capability inventory: The agent has the ability to execute shell commands via the Playwright wrapper and can run arbitrary JavaScript in the browser context via
evalorrun-code. - Sanitization: No sanitization or filtering logic is specified for the data retrieved from external URLs before it is processed by the agent.
Audit Metadata