playwright-debugger

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill relies on node -e to execute inline JavaScript for processing data streams from results.json and trace.zip files.
  • [DYNAMIC_EXECUTION]: Provides shell command templates (e.g., for Phase 3 trace analysis) that require the agent to manually replace placeholders like SNAPSHOT_NAME. If the provided value contains shell metacharacters or JavaScript escape sequences, it could lead to arbitrary command execution.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Downloads test report artifacts and PR metadata from GitHub using the gh CLI tool and runs npx playwright test. These are well-known tools used for their standard functionality.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes untrusted data from test report files (Phase 1 and Phase 3). There are no boundary markers or sanitization steps to prevent malicious content within these files from influencing the parsing logic or the agent's summary.
      1. Ingestion points: playwright-report/results.json, trace.zip (via unzip -p).
      2. Boundary markers: None present.
      3. Capability inventory: gh, npx, node, jq, unzip, find.
      4. Sanitization: None detected.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:15 PM