playwriter

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Uses npx -y playwriter@latest to execute an unverified package from a non-trusted source. This bypasses version pinning and can pull malicious updates from the npm registry.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The execute tool permits arbitrary JavaScript/Playwright execution. While primarily affecting the browser instance, this can be leveraged to interact with internal network services (localhost) or exfiltrate session data (cookies/tokens).
  • [COMMAND_EXECUTION] (MEDIUM): The MCP configuration initiates shell-level activity via npx to fetch and run the server code.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted web content. Evidence: 1. Ingestion points: page.goto() in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: Arbitrary JS execution and network access. 4. Sanitization: None provided for extracted web data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:40 PM