playwright-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Prompt Injection (HIGH): The skill facilitates an indirect prompt injection surface by guiding the agent to process and act upon untrusted external web content via Playwright locators and navigation commands.
  * Ingestion points: External web pages accessed via `page.goto` and DOM element inspection methods like `getByRole` and `getByText` (SKILL.md).
  * Boundary markers: Absent; there are no instructions for the agent to use delimiters or to treat external web data as untrusted.
  * Capability inventory: The skill provides the framework to write and execute browser automation scripts, which includes interactions with the host system and network.
  * Sanitization: Absent; no validation or filtering of external content is recommended before it is used to define test logic or locators.
- Command Execution (MEDIUM): The skill is designed to run automated tests, which involves executing system commands and managing browser sub-processes. While expected for this tool's purpose, this capability increases the impact of any successful prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata