Skills
skills/commandcodeai/agent-skills/playwright-skill/Gen Agent Trust Hub

playwright-skill

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Dynamic Code Execution (HIGH): The skill implements a 'Universal Executor' pattern in run.js. It reads input from command-line arguments or stdin, writes it to a temporary file (.temp-execution-*.js), and then executes it using require(). This is functionally equivalent to eval() and allows for arbitrary code execution.
  • Indirect Prompt Injection Surface (HIGH): As a Playwright executor, the agent is expected to generate scripts based on the tasks it receives. If the agent reads a malicious webpage (e.g., via a 'summarize this page' request) that contains hidden instructions to exfiltrate data via the browser automation, this skill provides the direct execution path for that attack.
  • Unverifiable Dependencies & Environment Modification (MEDIUM): The installPlaywright function in run.js automatically executes npm install and npx playwright install if the dependency is missing. This performs unverified external downloads and installation at runtime.
  • Missing Files/Broken Dependencies (LOW): The code in run.js (inside wrapCodeIfNeeded) attempts to require('./lib/helpers'). However, this file was not provided in the skill package, meaning any code using the default wrapper will likely fail due to a missing module error.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:13 AM