playwright-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill instructs the agent to create and use 'auth.json' for storing authentication state, including session cookies and tokens. Creation of files with sensitive authentication state is a high-risk activity that lacks explicit security guidance (e.g., .gitignore usage) and could lead to credential exposure.
  • [PROMPT_INJECTION] (HIGH): This skill defines a high-risk surface for indirect prompt injection. The agent is instructed to interact with and process content from external websites (via 'page.goto'). It lacks boundary markers or sanitization logic to prevent the agent from obeying malicious instructions embedded in web content. Ingestion points: browser navigation to external URLs. Boundary markers: None. Capability inventory: 'npx' command execution, 'saveAs' file writing, and network request interception. Sanitization: None. Additionally, the markdown body contains explicit instructions ('Trigger it by asking...') designed to influence agent routing logic.
  • [COMMAND_EXECUTION] (MEDIUM): Documentation promotes the use of 'npx playwright test' and CLI debugging tools. If the agent generates these command strings based on untrusted input from processed web pages, it provides a vector for arbitrary command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:21 AM