webapp-testing

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the playwright Python package and the Chromium browser. These components are downloaded from well-known repositories maintained by Microsoft, which are trusted sources for browser automation tools.\n- [COMMAND_EXECUTION]: The script scripts/playwright_runner.py executes a headless browser instance and performs file system operations to create directories and save screenshots in the system's temporary directory. These actions are legitimate and necessary for the tool's stated purpose of web testing and visual verification.\n- [SAFE]: The skill processes external web content, which inherently creates an attack surface for indirect prompt injection. However, the script is designed to extract structural data and metrics in a sandboxed browser environment and does not interpret page content as executable instructions.\n
  • Ingestion points: scripts/playwright_runner.py via the page.goto(url) function which navigates to user-provided or discovered URLs.\n
  • Boundary markers: The script produces structured JSON output, separating extracted page data from system instructions.\n
  • Capability inventory: The skill has capabilities for browser automation, network navigation, and file system writes for screenshot artifacts.\n
  • Sanitization: Page content is rendered within Playwright's sandboxed Chromium instance, and data extraction is limited to metadata and performance timings.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 05:53 PM
Security Audit — agent-trust-hub — webapp-testing