playwright-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The script 'run.js' is designed to take arbitrary code from command-line arguments or stdin, write it to a temporary file, and execute it using Node.js's 'require' function. This provides a direct path for full system compromise.
- [Indirect Prompt Injection] (HIGH): The skill offers a high-privilege execution environment (browser automation) with no input sanitization. This allows malicious external content (e.g., from a website the agent visits) to trigger local code execution. Evidence:
  - Ingestion points: run.js (stdin and CLI arguments).
  - Boundary markers: None.
  - Capability inventory: Full filesystem and network access via Node.js and Playwright.
  - Sanitization: None.
- [Dynamic Execution] (CRITICAL): Writing unverified input to a .js file and executing it via 'require()' is a highly unsafe dynamic execution pattern that bypasses standard security boundaries.
- [External Downloads] (MEDIUM): The skill automatically performs 'npm install' and 'npx playwright install' at runtime. Since the skill is from an untrusted author ('lackeyjb'), these downloads and the resulting setup scripts are unverified and pose a supply chain risk.
Recommendations
- AI detected serious security threats