The Agent Skills Directory

[COMMAND_EXECUTION]: The skill leverages playwright-cli to perform browser actions. It implements robust sanitization of user-provided inputs (such as CSS selectors and input values) by stringifying them into JSON literals before interpolation into shell commands or browser-side code. This effectively prevents shell injection and cross-context script injection.
[DATA_EXFILTRATION]: Browser state management, including session cookies and localStorage, is handled via bin/auth-save and bin/auth-load. These tools store credentials in a dedicated local directory (.playwright-skill/auth/) that is explicitly excluded from version control. Additionally, the skill's instructions explicitly caution the agent against navigating to external domains to prevent accidental exposure of active session tokens.
[SAFE]: The skill demonstrates a high degree of security awareness. It implements defense-in-depth sanitization for identifiers derived from environment variables (e.g., CLAUDE_SESSION_ID) and uses isolated session files to ensure agent activities do not leak across different projects or tasks. No evidence of obfuscation, persistence mechanisms, or unverified remote code execution was found.

playwright-skill-v2