playwright-browser
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include usage of the Playwright CLI through 'npx playwright' for installing browser binaries and running tests. These commands interact with official packages from the Playwright registry (a well-known service maintained by Microsoft).
- [REMOTE_CODE_EXECUTION]: The tools 'browser_evaluate' and 'browser_run_code' enable the execution of arbitrary JavaScript and Playwright code snippets. This provides necessary flexibility for automation but allows the agent to execute code dynamically at runtime based on its instructions.
- [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it navigates to and processes content from untrusted external URLs.
- Ingestion points: External web content loaded via 'browser_navigate' and analyzed through 'browser_snapshot' or 'browser_console_messages'.
- Boundary markers: None identified; there are no specific instructions to the agent to treat page content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill provides extensive capabilities including arbitrary script execution ('browser_evaluate'), file uploads ('browser_file_upload'), and network inspection ('browser_network_requests').
- Sanitization: There is no evidence of sanitization, filtering, or validation of content retrieved from the browser before it is processed by the agent.
Audit Metadata