playwright-automation

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves creating JavaScript automation scripts in the /tmp directory and executing them using node. This includes the use of shell heredocs to pass script content directly to the Node.js runtime for utility tasks like port checking.
  • [PROMPT_INJECTION]: The skill processes external web content and user-provided strings, creating a surface for indirect prompt injection attacks.
  • Ingestion points: URLs, form fields (email, password), and selectors are ingested from the agent's context and placed into automation scripts.
  • Boundary markers: Absent; there are no instructions to use delimiters or 'ignore' instructions when processing external web data.
  • Capability inventory: The skill has high-privilege capabilities including shell access (Bash) and file modification (Write, Edit) which are used to execute the generated scripts.
  • Sanitization: No validation or escaping logic is described for the variables interpolated into the generated executable code.
  • [EXTERNAL_DOWNLOADS]: The documentation references npx playwright test, which can initiate package downloads from the official npm registry if dependencies are not locally cached.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — playwright-automation