multi-user-workflow-to-playwright
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including 'npm install --ignore-scripts' and 'npx tsc --noEmit' on generated project files during Phase 6. The use of the ignore-scripts flag is a security best practice that prevents the execution of arbitrary lifecycle scripts during dependency installation.
- [DATA_EXFILTRATION]: The skill involves the management of authentication states by reading session profiles from '.playwright/profiles/' and writing storage states to 'playwright/.auth/'. While these files contain sensitive session data, the skill correctly generates a .gitignore file to prevent these credentials from being committed to version control.
- [PROMPT_INJECTION]: The skill ingests untrusted documentation from markdown files (e.g., 'workflows/multi-user-workflows.md') and interpolates this content into generated executable code. This represents a surface for indirect prompt injection as there are no explicit boundary markers or sanitization logic during parsing. However, the requirement for mandatory user approval before any file writes significantly mitigates this risk.