playwright-form-validation
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external websites, which presents a risk of indirect prompt injection.\n
- Ingestion points: Untrusted content is ingested from user-provided URLs using the
mcp__playwright__browser_snapshottool as seen inSKILL.mdandreferences/detailed-workflow.md.\n - Boundary markers: There are no specified delimiters or instructions to ignore embedded malicious content within the page text.\n
- Capability inventory: The agent is granted high-risk capabilities including
Bash,Write, andRead, which could be abused if malicious instructions are successfully injected via a website.\n - Sanitization: No sanitization or filtering logic is provided for the ingested snapshot content before processing.\n- [COMMAND_EXECUTION]: The skill documentation instructs the agent to use the
Bashtool to run a vendor-provided Python script (scripts/parse_validation_errors.py). While this script is legitimate and uses only standard libraries, the generalBashcapability provides a broad execution surface that requires careful handling.
Audit Metadata