electron-playwright-cli

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides run-code and electron_evaluate commands which allow for the execution of arbitrary JavaScript.
      • The electron_evaluate command is particularly high-risk as it executes code within the Electron main process, which typically has full Node.js integration and can interact with the host file system and execute shell commands.
      • The run-code command allows execution of arbitrary logic in the renderer (browser) context, including network requests via fetch or XMLHttpRequest.
  • [COMMAND_EXECUTION]: The skill relies on the electron-playwright-cli binary via Bash to interact with the system and manage Electron processes.
  • [DATA_EXFILTRATION]: The skill includes extensive tools for extracting data from the application, including:
      • cookie-get and cookie-list for retrieving session cookies.
      • localstorage-get and sessionstorage-get for accessing storage data.
      • screenshot for capturing the visual state of the application.
      • snapshot for extracting the full DOM tree and application metadata.
  • [CREDENTIALS_UNSAFE]: The state-save command persists the entire application state, including authentication tokens and session identifiers, to local files. The documentation warns against committing these files, but the capability still allows sensitive credentials to be captured.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through several ingestion points:
      • Ingestion points: Data enters the agent's context through snapshot, eval, and run-code outputs, which may contain untrusted content from the application or web pages being automated.
      • Boundary markers: There are no apparent boundary markers or instructions to treat data from the Electron app as untrusted.
      • Capability inventory: The skill possesses high-privilege capabilities including Node.js execution via electron_evaluate, file writes via screenshot and state-save, and broad network access via routing and browser execution.
      • Sanitization: No evidence of sanitization or validation of the content retrieved from the application before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:46 AM