validate-e2e

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from the UI it interacts with, which could contain malicious instructions. Evidence Chain:
      1. Ingestion points: UI elements, page text, and element properties accessed via Playwright tools.
      2. Boundary markers: None present to distinguish UI content from agent instructions.
      3. Capability inventory: Navigation, clicking, form filling, and JavaScript evaluation (mcp_playwright_browser_evaluate).
      4. Sanitization: No sanitization of UI-sourced content before processing.
  • Dynamic Execution (LOW): The skill employs mcp_playwright_browser_evaluate to run arbitrary JavaScript code within the browser context. While standard for Playwright automation, this is a vector for runtime code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:18 PM