Skills
skills/plurigrid/asi/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the browser automation server from Anthropic's official NPM registry using npx. This is a trusted source and follows standard deployment practices.
  • [COMMAND_EXECUTION]: Executes the npx command to launch the Playwright MCP server. This is the intended operation for providing browser automation features to the agent.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it is designed to ingest and process data from external websites.
  • Ingestion points: Tools such as navigate_page, get_page_content, and get_text defined in SKILL.md allow untrusted external data to enter the agent's context.
  • Boundary markers: The skill documentation does not mention the use of delimiters or specific instructions to help the model distinguish between system instructions and content retrieved from the web.
  • Capability inventory: The skill includes powerful interaction tools like click, fill, and evaluate (JavaScript execution) which could be misused if the agent follows instructions hidden within a malicious webpage.
  • Sanitization: There is no evidence of filtering or sanitizing the web content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 07:38 PM