skills/plurigrid/asi/partiful/Gen Agent Trust Hub

partiful

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill automatically installs the playwright framework globally and downloads the Chromium browser environment using npm install -g playwright and npx playwright install chromium within the scripts/partiful.clj script. While these are well-known tools from Microsoft, the automated installation of global packages and executable binaries represents a significant system modification.
  • [COMMAND_EXECUTION]: The skill uses babashka.process/shell to execute system commands including npm, npx, and node. It also generates a temporary JavaScript file at /tmp/partiful-auth.js and executes it to perform browser automation tasks.
  • [CREDENTIALS_UNSAFE]: The authentication process (auth command) captures sensitive Authorization headers and user IDs by intercepting network traffic within a Playwright-controlled browser session. The extracted credentials, including auth tokens and refresh tokens, are stored in plain text on the local file system at ~/.partiful-config.edn.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 08:50 PM
Security Audit — agent-trust-hub — partiful