playwright-cli

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
  • Dynamic Script Execution: The run-code and eval commands allow for the execution of JavaScript directly within the browser context. This is a core feature of Playwright that enables advanced interactions, such as handling geolocation permissions or complex page logic, which are standard for web automation workflows.
  • Session and Sensitive Data Management: The skill provides comprehensive tools for managing browser storage, including state-save and cookie-get. These features enable session persistence and are essential for automated testing of authenticated applications. The documentation provides helpful guidance on handling these files securely.
  • File System Integration: The tool can interact with the local file system to upload documents, save screenshots, and store PDF exports. These capabilities are necessary for the skill's primary purpose of capturing web data and testing file-related features.
  • Indirect Interaction Surface: Because the skill processes data from external websites, it presents a surface for 'indirect prompt injection.' This is a general consideration for any browser-based agent where information on a webpage might influence the agent's next steps.
      • Ingestion points: External web content is ingested through commands like playwright-cli snapshot and goto.
      • Boundary markers: None explicitly defined in the skill's command documentation.
      • Capability inventory: Includes browser navigation, file system writes, and arbitrary JavaScript execution via run-code.
      • Sanitization: Web content is typically processed as raw text or structured snapshots as provided by the browser engine.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 06:39 AM