playwright-testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The script
scripts/init-playwright.shand the documentation inreferences/wsl2-configuration.mdmodify the user's~/.bashrcfile to append environment variable definitions (CHROME_BIN) and update thePATH. While intended for configuration, automated modification of shell profiles is a high-risk behavior, downgraded here due to the skill's setup purpose. - Privilege Escalation (MEDIUM): Documentation in
references/wsl2-configuration.mdincludes commands utilizingsudofor installing Google Chrome and various system libraries required for browser automation on Linux/WSL2. - Indirect Prompt Injection (LOW): The skill enables browser navigation to external URLs via Playwright, creating a surface where malicious website content could potentially influence the agent's behavior. Evidence: 1. Ingestion points:
page.goto()calls inSKILL.mdandscripts/init-playwright.sh. 2. Boundary markers: No delimiters or instructions to ignore embedded content are provided. 3. Capability inventory: Subprocess calls (npm, npx, wget, dpkg, apt-get), file system operations (cat, echo, mkdir), and network access (wget). 4. Sanitization: No sanitization of website content is implemented. - External Downloads (SAFE): The skill downloads the Google Chrome Debian package from
dl.google.com. As Google is a trusted organization, this download is considered safe. - Hardcoded Credentials (SAFE): Example code in
references/best-practices.mdcontains dummy credentials ('test@example.com', 'password'). These are clearly illustrative and do not represent a security risk.
Audit Metadata