playwright
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script 'scripts/playwright_cli.sh' uses 'npx' to fetch the '@playwright/cli' package from the official NPM registry, which is a trusted source maintained by Microsoft.
- [REMOTE_CODE_EXECUTION]: The skill executes the '@playwright/cli' package to perform browser-based tasks. This execution is from a trusted organization and is central to the skill's functionality.
- [COMMAND_EXECUTION]: The agent runs shell commands via 'scripts/playwright_cli.sh' to control a headless or headed browser.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted data from external websites. Ingestion points: External site data is ingested via 'pwcli open' and 'pwcli snapshot' as shown in 'references/cli.md'. Boundary markers: No delimiters or instructions to ignore embedded instructions are used when processing site content. Capability inventory: The skill can execute subprocesses via the bash wrapper and write files to the 'output/' directory. Sanitization: No content sanitization or validation is performed on the data retrieved from the browser.
Audit Metadata