playwright
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill enables browser automation, presenting a high-severity attack surface for Indirect Prompt Injection. 1. Ingestion points: Untrusted external data enters the agent context through navigation (
page.goto) and content selection (page.getByText,page.getByLabel) as seen in tests/login.spec.ts. 2. Boundary markers: The skill examples lack delimiters or instructions to ignore embedded commands within the ingested web content. 3. Capability inventory: The skill provides instructions for high-privilege actions includingpage.fill,page.click, andpage.routein SKILL.md. 4. Sanitization: There is no evidence of sanitization, validation, or filtering of external content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata