playwright-screenshot-inspector
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it extracts text and visual data from external or local web pages and passes it to an LLM for semantic analysis.
- Ingestion points: The
run_testsfunction andcapture_themed_screenshotsfunction in the provided Python template visit URLs and extract content usingpage.locator('body').inner_text(). - Boundary markers: There are no explicit boundary markers or instructions to the LLM to disregard potentially malicious text embedded within the processed page content.
- Capability inventory: The script has the capability to write files to the local file system (
/tmp/visual-tests) and control a browser instance via Playwright. - Sanitization: The script does not perform sanitization or filtering on the text content extracted from the web pages before it is included in analysis prompts.
- [COMMAND_EXECUTION]: The skill's Python template utilizes the Playwright library to control browser instances and execute dynamic JavaScript within the browser context via
page.wait_for_function. While this is standard functionality for visual testing tools, it represents a form of dynamic code execution that occurs at runtime.
Audit Metadata