playwriter

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y playwriter to ensure the Playwriter CLI is available, which fetches the package from the npm registry if not already installed.
  • [COMMAND_EXECUTION]: The skill executes the playwriter command-line utility to manage sessions and perform actions on the browser tab.
  • [REMOTE_CODE_EXECUTION]: The tool provides an evaluation flag (-e) that enables the agent to execute arbitrary JavaScript code within the context of the user's active browser tab, allowing for deep inspection and manipulation of page state.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it retrieves and processes untrusted content from the web pages the user visits.
      1. Ingestion points: Data enters the agent's context through calls like page.url(), page.title(), and innerText via the playwriter -e command.
      2. Boundary markers: The provided examples do not use delimiters or instructions to ignore embedded commands in the retrieved page data.
      3. Capability inventory: The skill can execute local CLI commands and evaluate scripts in the browser.
      4. Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the browser before it is processed by the agent.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 10:25 PM