playwright-frontend-testing
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for running system-level commands with administrative privileges using sudo apt-get install for browser dependency setup.
- [COMMAND_EXECUTION]: The skill facilitates the creation and execution of dynamic scripts by writing JavaScript test files to the local filesystem and running them via the npx playwright test runner.
- [EXTERNAL_DOWNLOADS]: Fetches and installs components from Playwright's official repositories and standard package registries such as NPM and PyPI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Untrusted data enters the agent context through browser navigation and accessibility tree snapshots in SKILL.md. Explicit boundary markers to isolate untrusted web content are not defined. The skill's capability inventory includes subprocess execution, file system writes, and network operations, with no evidence of input sanitization for ingested web data.
- [REMOTE_CODE_EXECUTION]: Utilizes child_process.exec to run local shell scripts, which can be leveraged for arbitrary code execution if the script environment or paths are influenced by external inputs.
Recommendations
- AI detected serious security threats