playwright-cli
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the @playwright/cli package from the official npm registry.\n- [REMOTE_CODE_EXECUTION]: Employs npx to dynamically download and run the Playwright CLI tool at runtime.\n- [COMMAND_EXECUTION]: Executes shell and PowerShell commands to control the browser and set process-level environment variables.\n- [DATA_EXFILTRATION]: Reads sensitive information, including an authentication token and site configuration, from local files in the ~/.copilot/skills/ directory.\n- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection when processing content from external websites.\n
- Ingestion points: Captures page structure and text via the snapshot command from untrusted web sources.\n
- Boundary markers: None identified in the instructions; system instructions and external data are not explicitly separated.\n
- Capability inventory: Provides tools for shell execution and browser-side JavaScript evaluation (eval).\n
- Sanitization: No sanitization of the ingested content is performed before the agent processes it.
Audit Metadata