webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The
scripts/playwright_runner.pyscript is designed to fetch and return content from external, untrusted websites. - Ingestion points: The script extracts the page title (
page.title()), the URL, and captures browser console logs (page.on("console", ...)). - Boundary markers: Absent. The retrieved strings are placed directly into a JSON result object without delimiters or instructions to the agent to treat the content as data rather than instructions.
- Capability inventory: The script itself is limited to browser automation and saving screenshots to the system temp directory. It does not execute arbitrary shell commands or access sensitive files.
- Sanitization: Absent. The script returns raw content retrieved from the target URL, which may contain adversarial text designed to manipulate the LLM processing the tool's output.
- [External Downloads] (SAFE): The skill references
playwright, which is a standard library maintained by a trusted organization (Microsoft). The installation instructions follow standard practices for browser automation tools.
Audit Metadata