playwright-cli
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
playwright-clitool to automate browser behavior and perform file system operations such as saving screenshots and PDFs. - [REMOTE_CODE_EXECUTION]: Commands such as
evalandrun-codeallow the agent to execute arbitrary JavaScript code within the browser context, providing a mechanism for dynamic code execution. - [DATA_EXFILTRATION]: The skill has the capability to access and export sensitive session information, including cookies, local storage, and authentication states (e.g., via
cookie-listandstate-save). - [PROMPT_INJECTION]: The skill navigates to and processes content from arbitrary external websites using
playwright-cli goto, creating a surface for indirect prompt injection attacks. - Ingestion points: External web content retrieved via the
gotocommand. - Boundary markers: None; the instructions do not specify any delimiters or warnings to ignore instructions embedded in page content.
- Capability inventory: Shell command execution, network access, and file writing.
- Sanitization: No validation or sanitization of page content is described.
Audit Metadata