playwright-automation
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary workflow involves the agent generating Javascript scripts in the
/tmp/directory and executing them usingnodeornpx. This dynamic execution allows the agent to perform complex browser-based tasks based on instructions. \n- [EXTERNAL_DOWNLOADS]: The skill usesnpx playwright test, which may trigger the download of the Playwright framework and browser binaries (Chromium, Firefox, WebKit) from official registries. \n- [PROMPT_INJECTION]: The skill includes patterns for web scraping and content extraction (page.content(),extractTable()), which creates an indirect prompt injection surface. Malicious instructions on a target website could potentially influence the agent's subsequent logic. \n - Ingestion points:
page.content(),allTextContents(), andextractTableinSKILL.md. \n - Boundary markers: None present in the provided templates to isolate external content. \n
- Capability inventory: Shell access via
Bashtool, script execution vianode, and file system write access. \n - Sanitization: No sanitization or validation of extracted web content is included in the examples.
Audit Metadata