The Agent Skills Directory

Sandbox Security Boundary Modification: The documentation recommends using the --sandbox danger-full-access flag to bypass the default security isolation. This allows the Playwright automation to function correctly but significantly expands the attack surface by granting the environment full access to the host system.
Indirect Prompt Injection Surface: The skill uses page.goto() to interact with external websites. This ingestion point lacks explicit boundary markers or sanitization, meaning that any instructions found on the target web page could potentially be interpreted by the agent as commands.
Execution of Package Management Commands: The setup process uses npm install and npx to fetch and run development tools. While these are standard practices for the playwright and electron libraries, executing these in a non-sandboxed environment requires careful management of the development workspace.
Dynamic Code Execution Environment: The skill's core logic operates through a js_repl session, which involves the dynamic execution of JavaScript. This capability is used to control browsers and inspect application state, which is a powerful function that should be used with awareness of the context being debugged.

playwright-interactive