playwright-skill

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • Dynamic Execution (HIGH): The run.js script implements a pattern where it reads arbitrary input from process.argv or stdin, writes it to a temporary file in the skill directory (.temp-execution-*.js), and then executes that file using the require() function. This is functionally equivalent to eval() and allows for the execution of any JavaScript code with the full privileges of the agent process.
  • Indirect Prompt Injection (LOW): This skill serves as a high-privilege execution sink for instructions that may be retrieved from untrusted external sources.
      • Ingestion points: run.js accepts input via CLI arguments (process.argv) and standard input (process.stdin).
      • Boundary markers: None. The script does not use delimiters or instructions to ignore embedded commands.
      • Capability inventory: The script has access to the fs module for file operations, the child_process module for command execution (execSync), and the full playwright library for browser automation.
      • Sanitization: There is no validation, escaping, or filtering of the input before it is written to a file and executed.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill automatically executes npm install and npx playwright install via execSync if the playwright package is not found. While these specific commands target reputable sources, the use of shell execution for dependency management is a high-risk primitive.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:40 PM