playwright-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash to run Playwright CLI commands like test, codegen, and open. These are standard operations for web automation and do not exhibit malicious intent.
- [EXTERNAL_DOWNLOADS]: Browser binaries and OS dependencies are downloaded from official Microsoft infrastructure through the playwright install command. These sources are trusted.
- [DATA_EXFILTRATION]: The skill supports the persistence of browser authentication states using storage files. While a standard feature, users should treat these files as containing sensitive credentials.
- [PROMPT_INJECTION]: The skill's ingestion of arbitrary URLs creates a surface for indirect prompt injection. Evidence: 1. Ingestion points: URL parameters in commands. 2. Boundary markers: None. 3. Capability inventory: Bash command execution. 4. Sanitization: None.
Audit Metadata