playwright
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill interacts with external websites, which constitutes an inherent attack surface for indirect prompt injection. \n
- Ingestion points: Page text, HTML, and links (navigate.py); visual content (screenshot.py); and JavaScript evaluation results (evaluate.py). \n
- Boundary markers: No specific boundary markers are used in the scripts to delimit untrusted web content from agent instructions. \n
- Capability inventory: The skill possesses significant interactive capabilities, including form filling (fill_form.py) and arbitrary JavaScript execution (evaluate.py) within the browser context. \n
- Sanitization: No sanitization is performed on the data retrieved from the web before it is returned to the agent. \n- [Dynamic Execution] (SAFE): The evaluate.py script allows for the execution of JavaScript in the browser. This is a core functionality of Playwright used for legitimate automation and does not grant the script access to the host operating system beyond the browser sandbox.
Audit Metadata