E2E Playwright
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates browser automation, which inherently involves the ingestion and processing of untrusted content from external websites. This creates a surface for indirect prompt injection attacks where malicious data or instructions embedded in a target website could influence the agent's actions.
- Ingestion points: External web pages and DOM content accessed during automated testing sequences (SKILL.md).
- Boundary markers: None specified within the skill to separate agent instructions from the data retrieved from browsers.
- Capability inventory: The skill utilizes Playwright to automate browser navigation, user interactions (click/type), and data extraction.
- Sanitization: The documentation mentions the importance of sanitizing user inputs to prevent injection, but does not provide specific implementation logic for sanitizing content read from the browser before it is processed by the AI agent.
Audit Metadata