playwright-browser
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
npx playwrightto facilitate the installation of browser binaries and the execution of end-to-end test suites within the host environment. - [EXTERNAL_DOWNLOADS]: Through the
browser_installtool and associated CLI commands, the skill downloads browser binaries from Microsoft's official Playwright distribution infrastructure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing content from untrusted external websites.
- Ingestion points: Data enters the agent's context through
browser_navigate,browser_snapshot, andbrowser_console_messagesas described in SKILL.md. - Boundary markers: The skill does not define specific delimiters or instructional barriers to prevent the agent from following commands embedded in the web content it processes.
- Capability inventory: The skill grants the agent high-impact tools including
browser_run_code,browser_evaluate, andbrowser_file_upload. - Sanitization: There is no evidence of sanitization or validation protocols for the data retrieved from browser interactions before it is analyzed by the agent.
- [REMOTE_CODE_EXECUTION]: The
browser_run_codeandbrowser_evaluatetools allow for the dynamic execution of JavaScript or Playwright snippets, representing a high-privilege execution capability within the browser session. - [CREDENTIALS_UNSAFE]: The skill documentation includes instructions for managing authentication state via
auth-state.json. This file frequently contains sensitive session tokens or cookies, posing a risk of exposure if the file is not handled with appropriate security measures.
Audit Metadata