Skills
skills/fellowship-dev/dogfooded-skills/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install playwright-core via npm, which is a well-known and standard library for browser automation.
  • [COMMAND_EXECUTION]: The skill launches the Chromium browser as a subprocess using shell commands with debugging flags to enable CDP (Chrome DevTools Protocol) communication.
  • [COMMAND_EXECUTION]: The skill functions by writing and executing local Node.js scripts (.mjs) to perform automation tasks such as form filling and data extraction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external websites into the agent's context.
  • Ingestion points: Untrusted data enters the agent context via page.content() and page.evaluate() calls in SKILL.md scripts.
  • Boundary markers: No specific delimiters or safety warnings for embedded instructions are specified in the prompts.
  • Capability inventory: The skill has access to shell execution (Bash) and file system operations (Read, Write) as defined in allowed-tools.
  • Sanitization: There is no evidence of content sanitization or validation of the HTML/text extracted from the browser before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 03:49 PM