skills/mbatra5/datalayer-analytics-playwright-skill/datalayer-analytics-playwright/Gen Agent Trust Hub
datalayer-analytics-playwright
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing a multi-line JavaScript snippet via `node -e` to process test results (SKILL.md, references/extraction-workflow.md). This command reads from local files and performs parsing and data extraction.
- [REMOTE_CODE_EXECUTION]: In `assets/analytics-common-step.ts`, the skill uses `require()` with dynamic paths constructed from component names (`require(./${component}/${component}.json)`). This creates a vulnerability where malicious input in a tracking specification could potentially cause path traversal or the loading of unintended local modules.
- [EXTERNAL_DOWNLOADS]: The skill installs `allure-js-commons`, `allure-playwright`, and `playwright-bdd` from the npm registry for reporting and BDD support. It also references fetching configuration data from Confluence's REST API.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection by processing data from external documentation URLs to drive automated test generation.
- Ingestion points: Retrieves tracking specifications from wiki pages or documentation URLs provided by the user.
- Boundary markers: No delimiters or safety instructions are used to distinguish external data from the agent's core instructions.
- Capability inventory: The skill performs file system writes, subprocess execution (`npx`), dynamic code loading (`require`), and browser-level script injection (`page.evaluate`).
- Sanitization: External data is not validated or sanitized before being incorporated into the test code and execution workflow.