playwright_browser
Fail
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
================================================================================
🔴 VERDICT: CRITICAL
This skill is rated CRITICAL due to the ability to execute arbitrary JavaScript code on any visited web page, which can lead to data exfiltration and credential compromise. Additionally, it disables browser sandboxing, increasing vulnerability to web-based exploits.
Total Findings: 4
🔴 CRITICAL Findings: • Arbitrary JavaScript Execution
- automator.py:29: await page.evaluate(action['script'])
The
automator.pyscript allows anevaluateaction where arbitrary JavaScript provided by the user (action['script']) is executed directly within the context of the browsed page. This is a severe vulnerability that can be exploited to exfiltrate sensitive data (e.g., cookies, local storage, DOM content) to an attacker-controlled server, perform unauthorized actions, or bypass security policies.
🔴 HIGH Findings: • Reduced Browser Sandboxing
- automator.py:12: browser = await p.chromium.launch(headless=True, args=["--no-sandbox"])
All Python scripts (automator.py, browser_tool.py, download_images.py, scraper.py, search.py, snapshot.py) launch the Chromium browser with
--no-sandboxand some with--disable-setuid-sandbox. While this is often a workaround for containerized environments, it significantly reduces the security isolation of the browser process. This makes the browser more susceptible to exploits if a malicious web page is visited, potentially leading to code execution outside the browser's sandbox. • Processing Arbitrary External Content - browser_tool.py:16: await page.goto(url, wait_until="networkidle", timeout=60000) Multiple scripts (automator.py, browser_tool.py, download_images.py, scraper.py, snapshot.py) navigate to arbitrary URLs provided by the user. This means the skill will process untrusted external web content, which can contain malicious scripts, phishing attempts, or other web-based attacks. When combined with the arbitrary JavaScript execution capability and reduced sandboxing, this poses a significant risk.
🔵 LOW Findings: • Unverifiable Dependency Installation
- SKILL.md:200: pip install playwright; playwright install chromium
The skill's instructions include
pip install playwrightandplaywright install chromium. While Playwright is a well-known and trusted library, and Chromium is a standard browser binary, the act of installing external dependencies from the internet is generally considered a potential risk. However, given the trusted nature of these specific dependencies, this finding is downgraded to LOW/INFO. It is still noted as an external download.
================================================================================
Recommendations
- AI detected serious security threats
Audit Metadata