playwright-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs the @playwright/mcp package from npm. This finding is downgraded to LOW because the source (Microsoft/Playwright) is a trusted entity.\n- [COMMAND_EXECUTION] (LOW): The skill exposes a command-line interface for browser automation. This is the primary functionality of the skill and is considered safe given the trusted source.\n- [DYNAMIC_EXECUTION] (MEDIUM): The 'run-code' command allows for the execution of arbitrary JavaScript within the browser context. This is an intended automation feature but presents a capability that should be monitored when the agent interacts with untrusted websites.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted content from external URLs, creating a surface for indirect prompt injection.\n
- Ingestion points: 'open' and 'snapshot' commands.\n
- Boundary markers: None identified in the prompt templates.\n
- Capability inventory: Browser interaction, JavaScript execution, and screenshot/PDF export.\n
- Sanitization: Relies on default browser sandboxing; no explicit prompt-level sanitization provided.
Audit Metadata