webapp-testing
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Playwright library and associated browser binaries from Microsoft's official repositories.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes data from external websites.
- Ingestion points: External website content is retrieved via browser automation in
scripts/playwright_runner.pyand passed back to the agent context. - Boundary markers: The instructions do not define clear boundaries or 'ignore' directives to separate web content from agent instructions.
- Capability inventory: The skill leverages Playwright for navigation and DOM interaction, and writes screenshot files to the system's temporary directory.
- Sanitization: Content fetched from target URLs is not sanitized or filtered before being returned to the agent, potentially allowing embedded malicious instructions to influence agent behavior.
Audit Metadata