playwright
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an `eval` command allowing execution of arbitrary JavaScript within the browser context, presenting a risk of dynamic code execution.
- [COMMAND_EXECUTION]: Local Bash commands are used to manage a Node.js server process and browsers using `pkill`.
- [DATA_EXFILTRATION]: Documentation demonstrates the extraction of sensitive information, such as authentication tokens from `localStorage`, using browser automation tools.
- [NO_CODE]: The implementation file `playwright-server.js` is not provided, which is the primary logic for the browser-to-agent interface.
- [EXTERNAL_DOWNLOADS]: Fetches Playwright and browser binaries from well-known official sources during the setup process.
- [PROMPT_INJECTION]: The skill faces indirect prompt injection risks. It ingests untrusted data from web pages (via `navigate` and `snapshot` in `SKILL.md`) without boundary markers or instructions to ignore embedded commands. These inputs could exploit high-privilege tools like `eval` and `click` found in `references/commands.md`, with no sanitization logic present.
Audit Metadata