playwright-e2e
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the application UI and error logs to inform code generation and execution. 1. Ingestion points: UI element text and snapshots accessed by the Planner agent, markdown test plans processed by the Generator agent, and test failure logs analyzed by the Healer agent. 2. Boundary markers: Absent. The instructions do not define delimiters for external data or specify that embedded instructions should be ignored. 3. Capability inventory: The skill can write code files to the filesystem ('generator_write_test') and execute commands or tests on the local environment ('playwright_test_run_test'). 4. Sanitization: Absent. There is no evidence of input validation or escaping for data pulled from the UI before it is used in test generation.
- [COMMAND_EXECUTION]: The skill uses tools to execute generated tests and shell commands for environment setup. It requires running 'npm install' and 'npx playwright install' to prepare the local environment and utilizes the 'playwright_test_run_test' and 'playwright_test_debug_test' tools to execute generated code.
- [EXTERNAL_DOWNLOADS]: Fetches dependencies from well-known sources. It installs the Playwright package and browser binaries from official registries during the prerequisite setup phase, which are recognized as well-known technology services.
Audit Metadata