playwriter
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage browser sessions and run automation scripts through the `playwriter` CLI.
- [EXTERNAL_DOWNLOADS]: It requires the installation of the `playwriter` Node.js package from the global npm registry.
- [REMOTE_CODE_EXECUTION]: The skill uses an `-e` flag to execute arbitrary JavaScript code within the browser context, providing a direct interface for dynamic code execution.
- [DATA_EXFILTRATION]: By targeting persistent Chrome sessions, the skill provides access to sensitive information such as authenticated cookies, saved logins, and browser extensions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  - Ingestion points: Untrusted data is read from web pages via `innerText` and locator calls.
  - Boundary markers: No markers or delimiters are present to distinguish page content from instructions.
  - Capability inventory: The skill has the capability to execute shell commands and arbitrary scripts.
  - Sanitization: There is no evidence of sanitization or escaping of external web content before it is processed.
Audit Metadata