playwright-cli
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a
run-codecommand that allows for the execution of arbitrary JavaScript and Playwright code within the browser context. This capability can be used to perform advanced actions such as granting browser permissions (geolocation, camera, etc.) and interacting with the system clipboard. - [COMMAND_EXECUTION]: The skill includes an
evalsubcommand for executing arbitrary JavaScript expressions against specific page elements or the global document scope to inspect attributes and styles. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion and processing of untrusted web content.
- Ingestion points: External data enters the agent context via browser navigation (
goto), snapshots, and metadata commands (SKILL.md). - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed data.
- Capability inventory: The agent possesses high-impact tools including arbitrary code execution (
run-code,eval) and file-system operations for saving browser state, screenshots, and videos. - Sanitization: The skill does not implement sanitization or filtering of external web content before providing it to the agent.
Audit Metadata