playwright-flow-recorder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to translate natural language instructions into executable Playwright code, which creates a significant attack surface for indirect prompt injection. If the agent processes untrusted text, an attacker could manipulate the generated script to perform unauthorized actions.\n
- Ingestion points: Natural language patterns defined in
references/playwright-actions.md.\n - Boundary markers: No explicit delimiters or instructions are provided in the template (
assets/test-template.ts) to prevent the agent from following instructions embedded within the data it is processing.\n - Capability inventory: The skill enables comprehensive browser control, including navigation (
page.goto), form interaction (page.fill), and keyboard/mouse simulation (page.keyboard.press), as seen inreferences/playwright-actions.md.\n - Sanitization: There is no evidence of sanitization or validation of the natural language inputs before they are mapped to Playwright commands.
Audit Metadata