skills/firecrawl/skills/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash wrapper script (scripts/playwright_cli.sh) to execute browser automation commands via the system shell.
  • [EXTERNAL_DOWNLOADS]: Uses npx to dynamically download and run the @playwright/cli package from the npm registry. This package is part of the well-known Playwright project maintained by Microsoft.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interacts with and processes untrusted data from external websites.
      • Ingestion points: Untrusted web content is ingested through the open and snapshot commands in SKILL.md and references/cli.md.
      • Boundary markers: No explicit delimiters or boundary markers are used to separate web content from agent instructions.
      • Capability inventory: The skill can execute shell commands, perform network requests through the browser, and write files to the local system (e.g., screenshots and traces).
      • Sanitization: No sanitization or filtering of browser-rendered content is mentioned prior to processing element snapshots.
  • [REMOTE_CODE_EXECUTION]: The skill exposes eval and run-code functionality in references/cli.md, which allows for the execution of arbitrary JavaScript code strings within the automated browser context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:24 PM