Skills
skills/microsoft/playwright-cli/dev/Gen Agent Trust Hub

dev

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructions require the agent to execute shell commands such as npm install, node scripts/update.js, and npm run test. While expected in a development repository, these commands execute code that could be modified locally.
  • [EXTERNAL_DOWNLOADS] (LOW): The npm install process fetches external packages (playwright, @playwright/test) from the npm registry. These are well-known packages, but the process still involves downloading and executing third-party code.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The workflow involves regenerating the SKILL.md file using output from node playwright-cli.js install --skills. This creates an ingestion surface where tool output is converted into agent instructions, though the risk is minimized as the output is generated by the project's own CLI.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 08:19 AM