headless-web-viewer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `render_url_playwright.mjs` fetches geolocation data from the well-known service `https://ipinfo.io` to configure browser settings like locale and timezone. This is used for realistic web rendering and is documented in the skill instructions.
- [COMMAND_EXECUTION]: The skill executes a Node.js script that utilizes the Playwright library to launch and control a headless browser. It provides capabilities to save rendered artifacts such as HTML, text, and screenshots to local file system paths specified as arguments.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core functionality of rendering untrusted web content.
  - Ingestion points: Web content is ingested from external URLs via the `<URL>` argument in the `render_url_playwright.mjs` script.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish between the fetched content and the agent's internal instructions.
  - Capability inventory: The skill can perform network operations and write files to the local system via provided paths.
  - Sanitization: There is no evidence of sanitization or filtering of the rendered webpage content before it is returned to the agent context.
Audit Metadata