playwright-skill

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements server management functionality using child_process.spawn with the { shell: true } option to execute commands like npm run dev. It also uses system utilities such as lsof (macOS/Linux) and netstat (Windows) to verify port availability.
  • [REMOTE_CODE_EXECUTION]: The primary operating model of this skill is the dynamic generation of JavaScript test scripts which are written to /tmp and subsequently executed using the Node.js environment.
  • [DATA_EXFILTRATION]: The skill provides tools for comprehensive web scraping, including extracting text content from elements, retrieving attributes (like href), and capturing full-page screenshots. These features can be used to read and export sensitive data from browser sessions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes content from external websites (via page.goto and DOM inspection).
      ◦ Ingestion points: Reads text and data from external URLs via page.goto(), textContent(), and getAttribute() as described in SKILL.md.
      ◦ Boundary markers: The instructions do not specify any delimiters or safety markers to prevent the agent from following malicious instructions embedded in the HTML of the websites being tested.
      ◦ Capability inventory: The skill has access to full browser control, shell command execution via spawn, and the ability to write/execute files in the /tmp directory.
      ◦ Sanitization: There is no evidence of sanitization or filtering of web content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 11:58 AM