playwright-automation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted web content.
- Ingestion points: Untrusted data enters the agent context via
page.goto(),page.content(), andpage.accessibility.snapshot()as described in SKILL.md. - Boundary markers: No delimiters or specific instructions are provided to the model to ignore or escape instructions that might be embedded within the retrieved web pages.
- Capability inventory: The skill can launch browser processes, write to the file system (screenshots and PDFs), intercept network requests via
page.route(), and execute arbitrary JavaScript in the browser context viapage.evaluate(). - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external URLs before processing.
- [COMMAND_EXECUTION]: The skill facilitates the creation and execution of Node.js scripts that control browser instances and interact with the host system's file system.
- [DATA_EXFILTRATION]: Provides methods to extract data from the browser and save it locally, including the
page.screenshot()andpage.pdf()functions.
Audit Metadata