playwright-ci-caching
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides a PowerShell script (
playwright.ps1) that dynamically searches for and executes the Playwright CLI binary. This is a standard automation pattern in .NET environments used to locate binaries within NuGet restore paths. - PROMPT_INJECTION (LOW): An attack surface for indirect prompt injection exists via the processing of
Directory.Packages.props. - Ingestion points: The CI snippets and
playwright.ps1read theDirectory.Packages.propsfile usingGet-Content. - Boundary markers: None; extracted values are used directly in environment variables and cache keys.
- Capability inventory: File system discovery and command execution via the PowerShell call operator (
&). - Sanitization: Uses PowerShell's native XML parser (
[xml]), which provides structural validation but does not sanitize the semantic content of the version string. - SAFE: The skill content is limited to documentation and configuration templates for legitimate DevOps optimization. No malicious patterns, obfuscation, or unauthorized network operations were detected.
Audit Metadata