playwright-local
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The file
scripts/install-browsers.shexecutes shell commands to install browser binaries usingnpx playwright install. While this is a standard operational requirement for Playwright, executing shell scripts provided in a skill carries inherent risk. - DATA_EXPOSURE (LOW): In
templates/authenticated-session.ts, the skill writes sensitive session cookies to a local file namedsession.json. If the environment is shared or the file is not properly secured, this could lead to session hijacking. - EXTERNAL_DOWNLOADS (LOW): The installation script downloads browser binaries from Playwright's infrastructure. While the source is generally trusted, it involves third-party binary execution.
- PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points:
templates/basic-scrape.tsandtemplates/stealth-mode.tsingest untrusted data from web pages usingtextContentandpage.content(). - Boundary markers: Absent; the templates do not implement delimiters or instructions to ignore embedded commands in scraped data.
- Capability inventory: The skill possesses the capability to write files (
session.json, screenshots, PDFs) and execute system commands (scripts/install-browsers.sh). - Sanitization: No evidence of sanitization or validation of the scraped content before it is processed by the agent.
Audit Metadata