playwright-tab-comparison
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external websites via snapshots and evaluation functions, creating a surface for indirect prompt injection.
- Ingestion points: External content is ingested through browser_snapshot and browser_evaluate as described in SKILL.md.
- Boundary markers: Absent; no specific separators are used to distinguish external web content from instructions.
- Capability inventory: The skill has browser automation capabilities and executes local scripts for data processing.
- Sanitization: No sanitization is performed on data extracted from external pages before it is used in report generation. This surface is expected for the skill's primary purpose and is considered a low risk.
Audit Metadata