playwright-automation

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary workflow involves the agent generating Javascript scripts in the /tmp/ directory and executing them using node or npx. This dynamic execution allows the agent to perform complex browser-based tasks based on instructions. \n- [EXTERNAL_DOWNLOADS]: The skill uses npx playwright test, which may trigger the download of the Playwright framework and browser binaries (Chromium, Firefox, WebKit) from official registries. \n- [PROMPT_INJECTION]: The skill includes patterns for web scraping and content extraction (page.content(), extractTable()), which creates an indirect prompt injection surface. Malicious instructions on a target website could potentially influence the agent's subsequent logic. \n
  • Ingestion points: page.content(), allTextContents(), and extractTable in SKILL.md. \n
  • Boundary markers: None present in the provided templates to isolate external content. \n
  • Capability inventory: Shell access via Bash tool, script execution via node, and file system write access. \n
  • Sanitization: No sanitization or validation of extracted web content is included in the examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — playwright-automation