Playwright MCP Browser Automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the processing of external web data, creating a surface for indirect prompt injection where malicious instructions on visited websites could influence agent behavior.\n
- Ingestion points: External websites accessed via Playwright tools (SKILL.md).\n
- Boundary markers: No specific delimiters or safety warnings are provided in the skill instructions to distinguish between agent instructions and web content.\n
- Capability inventory: Broad browser automation capabilities including page navigation, element interaction, and state inspection.\n
- Sanitization: The skill documentation does not describe any sanitization or filtering of the content retrieved from the browser context.\n- [EXTERNAL_DOWNLOADS]: The skill is distributed via the vendor's repository (agentskillexchange/skills) and utilizes dependencies from official repositories (microsoft/playwright), which are recognized as standard and legitimate distribution points.
Audit Metadata