Playwright Browser Automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
NO_CODE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [NO_CODE] (INFO): The actual implementation files (SKILL.md and associated scripts) were not provided. This analysis is performed based on the metadata and stated capabilities.
- [COMMAND_EXECUTION] (HIGH): The description explicitly states that the skill 'writes clean test scripts to /tmp'. This indicates a workflow involving dynamic code generation and subsequent execution on the host machine, which is a major security risk.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external websites while possessing high-privilege capabilities (file writing, network access, and script execution). A malicious website could embed instructions to manipulate the agent via the automation framework.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Playwright-based automation typically requires the download and execution of browser binaries from remote repositories, which introduces risks associated with unverified external dependencies.
Recommendations
- AI detected serious security threats