playwright-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation describes and utilizes tools like browser_evaluate and browser_run_code, which allow for the execution of arbitrary JavaScript expressions and Playwright code blocks at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill includes a browser_install tool intended to download and install browser binaries from remote sources to the local environment.
  • [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface. It is designed to ingest untrusted data from external websites via browser_snapshot (accessibility tree), browser_console_messages, and browser_network_requests. This untrusted data is processed in the same context as instructions for high-impact capabilities such as browser_click, browser_fill_form, browser_file_upload, and browser_evaluate, without providing explicit boundary markers or sanitization logic to prevent the agent from obeying instructions embedded in web content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 02:47 AM