playwright
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill utilizes
page.goto()to navigate to external websites, creating a significant ingestion point for untrusted data. Evidence: (1) Ingestion points: external web content via URL navigation; (2) Boundary markers: absent; (3) Capability inventory: full browser control, includingchromium.launch(),page.fill(),page.click(), andpage.screenshot(); (4) Sanitization: absent. Malicious content on visited pages could compromise the agent's logic.\n- Dynamic Execution (MEDIUM): The skill facilitates the runtime generation and execution of automation scripts. It useschromium.launch()to spawn external browser processes and executes JavaScript in the context of remote pages to perform automated interactions.
Recommendations
- AI detected serious security threats
Audit Metadata