Skills
skills/neonwatty/qa-skills/use-profiles/Gen Agent Trust Hub

use-profiles

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is specifically designed to read and load Playwright storageState files (.playwright/profiles/*.json). These files contain highly sensitive authentication information, including active session cookies and localStorage tokens, which are treated as live credentials.
  • [COMMAND_EXECUTION]: The skill constructs and executes Bash commands via the playwright-cli using placeholders such as {session}, <role-name>, <origin>, and <name>. If these parameters are populated with unsanitized data containing shell metacharacters, it could lead to arbitrary command injection.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting and acting upon untrusted data.
  • Ingestion points: Project configuration files (.playwright/profiles.json) and output from playwright-cli snapshot (representing live browser content).
  • Boundary markers: Absent; the skill does not define delimiters or provide instructions to ignore potentially malicious content within the ingested data.
  • Capability inventory: Subprocess calls via playwright-cli for navigating the browser, loading state, and modifying storage.
  • Sanitization: None; data extracted from the profile configuration and browser output is used directly to determine agent actions and populate command arguments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 01:40 AM