playwright-screenshot-inspector
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of ingesting and analyzing external web content.
- Ingestion points: Web content is ingested via `page.goto(url)` and `page.locator('body').inner_text()` in the Python templates provided in `SKILL.md`.
- Boundary markers: The provided analysis prompts (e.g., Pattern 1: Content Verification) do not include delimiters or 'ignore' instructions to prevent the LLM from obeying instructions found within the screenshot or page text.
- Capability inventory: The script performs file-system writes (`page.screenshot`) and network operations (`page.goto`).
- Sanitization: No sanitization or filtering of the ingested web content or extracted text is performed before it is passed to the LLM for evaluation.
Audit Metadata