playwright-cli
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute playwright-cli commands for all browser automation tasks.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the npx utility to fetch and run the playwright-cli package from the official NPM registry.
- [REMOTE_CODE_EXECUTION]: The run-code and eval commands allow the execution of arbitrary JavaScript code within the browser context to handle complex automation scenarios such as geolocation and clipboard management.
- [DATA_EXFILTRATION]: The skill provides commands to list, get, and save browser storage data, including cookies and localStorage (e.g., cookie-list, localstorage-get, state-save), which may contain sensitive session information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from web pages. 1. Ingestion points: Web content is retrieved through navigation commands like goto and open (SKILL.md). 2. Boundary markers: No delimiters or instructions were identified to separate page content from agent instructions. 3. Capability inventory: The skill has high-privilege capabilities including script execution (run-code) and session state capture. 4. Sanitization: No evidence of filtering or sanitizing the content fetched from the web before it is processed by the agent.
Audit Metadata