playwright-skill

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The run.js script takes arbitrary input from process.argv or stdin and writes it to a temporary file (.temp-execution-[timestamp].js), which is then executed using require(). This allows the execution of any Node.js code on the host system.
  • EXTERNAL_DOWNLOADS (MEDIUM): The installPlaywright function automatically invokes npm install and npx playwright install if the Playwright dependency is missing, performing network operations and package installation at runtime without user confirmation.
  • REMOTE_CODE_EXECUTION (HIGH): The execution flow allows untrusted input to be converted directly into executable code, providing a high-risk surface for Remote Code Execution (RCE) via the agent's input channel.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it lacks sanitization for the code it executes.
      • Ingestion points: run.js (reads from process.argv and process.stdin).
      • Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are present.
      • Capability inventory: run.js contains fs.writeFileSync, require() (execution), and execSync (package installation).
      • Sanitization: Absent; the input is wrapped in a basic template and executed without validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:57 PM