playwright-mcp-skill
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the @playwright/mcp package from the NPM registry. This package is provided by Microsoft, which is a recognized trusted organization.
- [COMMAND_EXECUTION]: The skill utilizes the uxc utility to link and execute browser automation commands. This includes the browser_run_code function, which allows for executing arbitrary JavaScript within the browser context to perform complex automation tasks.
- [PROMPT_INJECTION]: This skill possesses a vulnerability surface for indirect prompt injection.
- Ingestion points: Untrusted external data is ingested into the agent context through the browser_navigate and browser_snapshot operations as described in SKILL.md and usage-patterns.md.
- Boundary markers: There are no explicit delimiters or system instructions provided to ensure the agent ignores malicious prompts that might be embedded in the retrieved web content.
- Capability inventory: The skill has significant capabilities, including executing subprocesses via the uxc command and running JavaScript in the browser environment.
- Sanitization: No sanitization or validation of the data retrieved from external web pages is performed before processing.
Audit Metadata