playwright-bowser
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to run the
playwright-cliutility, which is the intended primary purpose of this automation skill. - [REMOTE_CODE_EXECUTION] (MEDIUM): The
playwright-clidocumentation within the skill identifies arun-code <code>command. This feature enables the execution of arbitrary JavaScript within the browser context, representing a dynamic execution risk if the input code is not strictly controlled or is derived from untrusted sources. - [PROMPT_INJECTION] (LOW): This skill is highly susceptible to indirect prompt injection (Category 8) due to its nature as a web browsing tool.
- Ingestion points: External data is ingested via commands like
open,goto, andsnapshotinSKILL.md. - Boundary markers: None. The skill does not provide instructions to the agent on how to separate user/system instructions from content retrieved from the web.
- Capability inventory: The skill can perform network operations, write files (screenshots/PDFs), and execute scripts via
run-codeas defined inSKILL.md. - Sanitization: There are no mentioned mechanisms for sanitizing or filtering the content parsed from web pages.
Audit Metadata