playwright-excel

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The validation workflow described in references/mcp-validation.md uses shell commands (e.g., playwright-cli -s=excel-validation fill "<locator>" "<value>") where the <value> parameter is populated with data loaded from an external Excel file. If the Excel file contains shell-sensitive characters (like semicolons or backticks), it could lead to arbitrary command execution on the host system.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, untrusted data (Excel files) and incorporates it into the agent's logic without sufficient safeguards.
      • Ingestion points: Excel data is loaded using the Polars library as shown in references/excel-loading.md.
      • Boundary markers: None. There are no instructions or delimiters used to prevent the agent from interpreting text within the Excel file as commands.
      • Capability inventory: The skill has the capability to run shell commands via conda run and the playwright-cli tool, and can install packages using pip and conda.
      • Sanitization: None. The logic replaces hardcoded values directly with data from the Excel file without validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md and references/mcp-validation.md require downloading and installing external dependencies, including Python packages via conda/pip and the playwright-cli tool (via npx). While these are standard utilities, they represent a dependency on external repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:30 PM