playwright-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the 'playwright' Python package and the Chromium browser binary. These are well-known resources provided by a trusted organization (Microsoft).
- [COMMAND_EXECUTION]: The 'install.py' script uses 'subprocess.run' with 'shell=True' to execute system commands for installing dependencies and verifying the environment. Additionally, the skill's metadata allows the use of 'Bash' and 'Exec' tools.
- [PROMPT_INJECTION]: The skill is designed to ingest and process content from external websites, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Data is ingested via 'page.goto()', 'page.content()', and 'page.text_content()' methods documented in 'SKILL.md' and used in example scripts like 'examples/search_example.py'.
- Boundary markers: The skill does not implement or recommend any boundary markers or instructions to the agent to ignore potentially malicious commands within the scraped content.
- Capability inventory: The skill is granted high-privilege tool access, including 'Bash', 'Exec', 'Read', and 'Write'.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from remote URLs before it is processed by the agent.
Audit Metadata