playwright-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary JavaScript logic through the CLI tool's `--script` flag, providing a direct interface for running unvalidated code strings.
- [REMOTE_CODE_EXECUTION]: The integration of `page.evaluate()` and similar browser automation functions allows for the dynamic execution of code within a browser session, which can be exploited if malicious payloads are introduced from untrusted web pages or inputs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process content from external web pages (ingestion point: URLs accessed via the MCP server) without utilizing boundary markers, content sanitization, or explicit instructions to ignore embedded commands (Capability Inventory: browser navigation, element interaction, and dynamic script execution).
Audit Metadata