Skills
skills/allenlin90/eridu-services/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx within its wrapper script to fetch and execute the @playwright/cli package from the public npm registry. This is a well-known package maintained by Microsoft.
  • [COMMAND_EXECUTION]: The script scripts/playwright_cli.sh facilitates the execution of Playwright commands by wrapping npx. It passes agent-provided arguments directly to the CLI.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and process data from external, untrusted web pages.
  • Ingestion points: Browser snapshots, element text extraction via eval, and page navigation outputs (SKILL.md, scripts/playwright_cli.sh).
  • Boundary markers: The instructions do not define specific delimiters or warnings to ignore instructions embedded in the web content being processed.
  • Capability inventory: The skill can execute shell commands via the wrapper script, navigate the network, and execute arbitrary JavaScript in the browser context via eval and run-code commands.
  • Sanitization: No explicit sanitization or filtering of the extracted web content is performed before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 02:03 PM