mcp-playwright
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill enables the agent to navigate to arbitrary URLs and process browser content (DOM and console logs), creating a surface for indirect prompt injection where a malicious website could attempt to influence the agent's behavior. * Ingestion points: External URLs and browser console output as defined in the prompt templates in SKILL.md. * Boundary markers: None explicitly defined in the templates to separate untrusted content from system instructions. * Capability inventory: Browser navigation, screenshot capture, and DOM interaction via the microsoft/playwright-mcp server. * Sanitization: No specific sanitization or filtering for web content is mentioned in the skill definition.
- [External Downloads] (SAFE): The skill references the microsoft/playwright-mcp server (@playwright/mcp). Since microsoft is a trusted organization, this dependency is considered safe under the [TRUST-SCOPE-RULE].
Audit Metadata