playwright-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the Playwright MCP server using npx from @anthropic-ai and @playwright. These sources are recognized as trusted organizations and well-known services.
- [COMMAND_EXECUTION]: Provides tools like browser_evaluate and browser_run_code for executing JavaScript and Playwright code, which are core functionalities for the intended purpose of browser automation.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. Ingestion points: Untrusted data enters via browser_snapshot and browser_evaluate (SKILL.md). Boundary markers: Absent; no delimiters are used to separate untrusted content from agent instructions. Capability inventory: High-privilege tools include browser_evaluate, browser_run_code, and browser_file_upload (SKILL.md). Sanitization: Absent; no validation of external content is mentioned.
Audit Metadata