Skills
skills/customware-ai/skills/playwright-interactive-sandbox/Gen Agent Trust Hub

playwright-interactive-sandbox

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to create and run Node.js scripts using the Playwright library to verify web application behavior. It also involves managing local processes via shell commands like npm run start and kill.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading the Chromium browser executable through the standard npx playwright install chromium command, which is a trusted operation for this framework.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by interacting with web content. Evidence: (1) Ingestion point: page.goto(TARGET_URL) in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Subprocess execution (node, npm, kill), file system writes (screenshots), and JavaScript execution (page.evaluate) in SKILL.md. (4) Sanitization: Absent. This surface is purpose-aligned and restricted to local development targets.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 09:45 PM