playwright-browser
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The tool `browser_evaluate` allows the agent to execute arbitrary JavaScript code within the context of the loaded web page. Additionally, `browser_add_script_tag` can be used to inject and execute remote scripts from external URLs.
- [DATA_EXFILTRATION]: The skill includes tools to extract sensitive session information, such as `browser_get_cookies`, `browser_get_local_storage`, and `browser_storage_state`. If an agent is compromised or follows a malicious instruction, this data could be sent to an external server.
- [COMMAND_EXECUTION]: The `browser_upload_file` tool allows the agent to select and upload files from the local filesystem to a website. This presents a high risk of sensitive file exposure if the agent is manipulated into uploading files like SSH keys or configuration files (e.g., `.env`).
- [COMMAND_EXECUTION]: Tools such as `browser_screenshot`, `browser_pdf`, and `browser_storage_state` allow the agent to write data to specified local file paths, which could be used to overwrite system files or create persistence if not properly sandboxed.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection. Since it navigates to external websites via `browser_goto` and extracts text content via `browser_get_text`, a malicious website could host instructions that the agent might interpret as authoritative commands.
- [DATA_EXFILTRATION]: The `browser_grant_permissions` tool allows the agent to bypass standard browser security prompts for geolocation, microphone, and camera access, potentially leading to unauthorized surveillance or tracking.
Audit Metadata