Skills
skills/jpoutrin/product-forge/install-playwright-mcp/Gen Agent Trust Hub

install-playwright-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the @playwright/mcp package from the official NPM registry via npx during installation.
  • [COMMAND_EXECUTION]: Instructs the agent to run the claude mcp add command to register the browser automation server within the Claude Code environment.
  • [PROMPT_INJECTION]: The skill facilitates the processing of untrusted data from external websites, creating a surface for indirect prompt injection.
  • Ingestion points: Data from external URLs enters the agent context via browser tools like browser_navigate and browser_snapshot.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the installation instructions.
  • Capability inventory: The resulting tools allow the agent to click, type, navigate, and extract structured data within a browser environment.
  • Sanitization: No automated sanitization or filtering is performed on the content retrieved from external web pages.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 06:50 AM