playwright
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates browser automation and interaction with external web content, which presents a surface for indirect prompt injection if an agent processes instructions found on remote pages.\n
- Ingestion points: Web navigation and content reading through
page.goto(),page.content(), and locators likepage.getByText()in SKILL.md.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are provided in the documentation examples.\n
- Capability inventory: Full browser control including element interaction (
click,fill), file system operations (screenshot,saveAs), and session state management (storageState) in SKILL.md.\n - Sanitization: No sanitization of external web content is demonstrated in the provided code snippets.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Playwright framework and browser binaries from well-known official repositories (npm and Microsoft's registries).\n- [COMMAND_EXECUTION]: The documentation includes standard shell commands for initializing projects and installing environment dependencies (e.g.,
npm init,npx playwright install).
Audit Metadata