playwright
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto dynamically download and execute the@playwright/mcpandplaywright-clipackages from the NPM registry at runtime. - [COMMAND_EXECUTION]: Provides a wrapper script (
scripts/playwright_cli.sh) that executes shell commands to drive browser interactions via the Playwright CLI. - [REMOTE_CODE_EXECUTION]: Includes
evalandrun-codecapabilities which allow the execution of arbitrary JavaScript within the context of the automated browser instance. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
- Ingestion points: Browser page content is ingested into the agent's context through the
snapshotcommand and command-line arguments. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands in web content are provided in the skill definitions.
- Capability inventory: The skill can perform network operations (navigation), file system writes (screenshots, traces), and arbitrary code execution in the browser context (
eval). - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from websites before it is processed by the agent.
Audit Metadata