playwright
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard, well-documented browser automation patterns with no detected malicious behavior or obfuscation.
- [SAFE]: Sensitive data is handled securely by reading it from environment variables (e.g., process.env.LINKEDIN_PASSWORD, process.env.API_TOKEN) rather than hardcoding credentials.
- [EXTERNAL_DOWNLOADS]: Dependencies such as playwright and @playwright/test are sourced from Microsoft, a trusted organization. Community plugins like playwright-extra and puppeteer-extra-plugin-stealth are standard for the described use cases.
- [SAFE]: Docker configuration follows security best practices by recommending the use of non-root users and pinned image versions from official Microsoft registries.
- [SAFE]: While the skill involves processing untrusted web data (Indirect Prompt Injection surface), it is assessed as safe within its primary context.
  - Ingestion points: references/advanced-topics.md [page.evaluate], references/common-patterns.md [textContent]
  - Boundary markers: None mentioned for external web content
  - Capability inventory: Browser automation [network, JS execution], local file system access [screenshots, session storage]
  - Sanitization: No explicit sanitization demonstrated
Audit Metadata