playwright-skill
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill requires a local file
./lib/helperswhich was not provided in the analyzed source. It also automatically executesnpm installandnpx playwright installto fetch dependencies from external registries. These actions are downgraded to LOW as they are part of the intended setup process and involve trusted organizations like Microsoft. - [Dynamic Execution] (MEDIUM): The
run.jsscript implements a 'Universal Executor' pattern that accepts raw code from standard input or command line arguments, writes it to a temporary file, and executes it usingrequire(). This allows for arbitrary code execution within the Node.js environment. While this is the primary purpose of the skill, it represents a significant security surface that requires careful handling by the agent. - [Indirect Prompt Injection] (LOW): This skill provides an agent with the ability to navigate and interact with the web. It is vulnerable to indirect prompt injection if the agent processes malicious instructions found on external websites.
- Ingestion points: Standard input and command line arguments in
run.jsused to pass code to Playwright. - Boundary markers: None; the skill executes the provided input directly.
- Capability inventory: Full access to the filesystem, child processes, and network via the Node.js environment.
- Sanitization: None; the input is wrapped in a template and executed as-is.
Audit Metadata