mcp-playwright
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes the
microsoft/playwright-mcpserver. According to the [TRUST-SCOPE-RULE], dependencies from the 'microsoft' organization are considered trusted, downgrading this finding from MEDIUM to LOW. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8c: Tool output poisoning). An attacker could place malicious instructions on a website that the agent visits using this skill.
- Ingestion points: The skill retrieves and processes untrusted data from external URLs via browser navigation as described in
SKILL.mdprompt templates. - Boundary markers: No boundary markers or 'ignore' instructions are defined to separate web content from agent instructions.
- Capability inventory: The skill allows browser-driven verification, DOM access, and screenshot capture, which can be leveraged if the agent obeys instructions found on a page.
- Sanitization: No sanitization or validation of the external content is performed before it is added to the agent's context.
Audit Metadata