Skills
skills/moizibnyousaf/ai-agent-skills/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the @playwright/cli package from the npm registry. This is an official tool from Microsoft, which is a trusted organization.
  • [COMMAND_EXECUTION]: A bash wrapper script (playwright_cli.sh) is used to execute browser automation commands locally on the system.
  • [REMOTE_CODE_EXECUTION]: The skill provides eval and run-code commands that enable the execution of dynamic JavaScript within the browser context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and processes data from external web pages.
  • Ingestion points: The agent reads web content through browser snapshots (pwcli snapshot) and explicit data extraction (pwcli eval).
  • Boundary markers: No explicit markers are implemented to distinguish web content from system instructions.
  • Capability inventory: The skill can navigate the web, interact with forms, and execute JavaScript in the browser.
  • Sanitization: Extracted data is not visibly sanitized or filtered before being processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:17 PM