playwright

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The tool browser_evaluate allows the execution of arbitrary JavaScript within the browser context, which can be used to interact with the DOM or manipulate page behavior.
  • [DATA_EXFILTRATION]: The skill includes multiple tools for accessing sensitive browser data, such as browser_cookies_get, browser_local_storage_get, and browser_storage_state. These tools can expose session tokens and other private information. Additionally, browser_file_upload allows transferring local files to a web context.
  • [EXTERNAL_DOWNLOADS]: The installation instructions fetch and execute the @playwright/mcp package from the NPM registry using bunx or npx (as described in SKILL.md).
  • [PROMPT_INJECTION]: The skill operates on external, untrusted web content, creating a significant surface for indirect prompt injection attacks.
      • Ingestion points: Untrusted data is retrieved from external websites via browser_snapshot, browser_evaluate, and browser_console_messages (referenced in references/tools-reference.md).
      • Boundary markers: There are no instructions or patterns provided to delineate untrusted web content from the agent's core instructions.
      • Capability inventory: The skill has extensive capabilities, including arbitrary code execution in the browser, file interaction, and persistent session management.
      • Sanitization: The skill does not describe any validation or sanitization of content scraped or read from external URLs.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 01:24 AM