playwright
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and run the@playwright/mcppackage from the official NPM registry. This package is part of the well-known Playwright framework, maintained by Microsoft. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it is designed to visit and extract content from arbitrary third-party websites.
- Ingestion points: External web content is ingested via the
pwcli openandpwcli snapshotcommands. - Boundary markers: There are no explicit markers or safety instructions used to isolate the data retrieved from the web from the agent's instructions.
- Capability inventory: The skill can perform complex browser interactions, execute JavaScript, and capture screenshots.
- Sanitization: No sanitization or filtering of the extracted web content is implemented.
- [COMMAND_EXECUTION]: The skill provides
evalandrun-codecommands that allow the execution of arbitrary JavaScript within the automated browser instance. While contained within the browser context, this allows for dynamic code execution to facilitate automation workflows. - [COMMAND_EXECUTION]: The skill relies on a local shell script (
scripts/playwright_cli.sh) to execute the Playwright CLI vianpx.
Audit Metadata