playwright-automation
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves creating JavaScript automation scripts in the /tmp directory and executing them using node. This includes the use of shell heredocs to pass script content directly to the Node.js runtime for utility tasks like port checking.
- [PROMPT_INJECTION]: The skill processes external web content and user-provided strings, creating a surface for indirect prompt injection attacks.
- Ingestion points: URLs, form fields (email, password), and selectors are ingested from the agent's context and placed into automation scripts.
- Boundary markers: Absent; there are no instructions to use delimiters or 'ignore' instructions when processing external web data.
- Capability inventory: The skill has high-privilege capabilities including shell access (Bash) and file modification (Write, Edit) which are used to execute the generated scripts.
- Sanitization: No validation or escaping logic is described for the variables interpolated into the generated executable code.
- [EXTERNAL_DOWNLOADS]: The documentation references npx playwright test, which can initiate package downloads from the official npm registry if dependencies are not locally cached.
Audit Metadata