playwright-web-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill extracts data from external, untrusted websites using
browser_evaluateas described inSKILL.md(Core Workflow Steps 3 and 4). - Boundary markers: There are no delimiters or explicit instructions provided in the extraction logic to prevent the agent from interpreting instructions potentially embedded in the scraped text.
- Capability inventory: The agent uses browser tools (
browser_navigate,browser_evaluate, etc.) and executes local Python scripts (process_results.py,validate_urls.py) to handle the data. - Sanitization: The skill lacks sanitization, filtering, or validation mechanisms for the text extracted from remote pages before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: Unlisted Python Dependency
- The script
scripts/validate_urls.pyincludes animport requestsstatement. - This contradicts the documentation in
SKILL.md, which claims the supporting scripts use "Standard library only (no external dependencies)". - While the
requestslibrary is not actively used in the script's logic (which relies onurllib), the presence of the import requires the package to be installed, which may lead to execution errors in environments where only the standard library is available.
Audit Metadata