webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): Uses 'npm init playwright@latest' to set up the environment. As the skill is from a trusted source (anthropics/skills), the use of this standard package manager is considered safe.- [COMMAND_EXECUTION] (SAFE): Includes commands like 'npx playwright test' which are the standard method for executing tests within this framework.- [PROMPT_INJECTION] (LOW): Contains an Indirect Prompt Injection surface (Category 8) as it processes untrusted web content and console logs. Mandatory Evidence: (1) Ingestion: via 'page.goto' and 'page.on(console)'. (2) Boundaries: None. (3) Capabilities: Browser control, network interception, and file system writes for screenshots. (4) Sanitization: None. This is an inherent risk of browser-based skills rather than a malicious defect.
Audit Metadata