playwright-local
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): Skill documentation and scripts automate browser binary downloads via 'npx playwright install' from official Microsoft sources.
- COMMAND_EXECUTION (LOW): Includes shell scripts for environment setup and encourages running templates via 'npx tsx'.
- PROMPT_INJECTION (LOW): Inherent indirect prompt injection surface through web scraping capabilities. Evidence Chain: 1. Ingestion points: Scraped page content and titles in basic-scrape.ts and stealth-mode.ts. 2. Boundary markers: Absent. 3. Capability inventory: Network, file system access, and command execution. 4. Sanitization: Absent in provided templates.
- CREDENTIALS_UNSAFE (SAFE): Uses environment variables for authentication configuration in templates, which is a standard best practice.
Audit Metadata