skills/questfortech-investments/claude-code-skills/Playwright Browser Automation/Gen Agent Trust Hub
Playwright Browser Automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): File '.temp-execution-1763157844206.js' contains hardcoded plaintext credentials ('admin' / 'Admin123456') for an automated login process.
- REMOTE_CODE_EXECUTION (HIGH): The 'run.js' script implements a universal executor that takes arbitrary code strings from input and executes them using the 'require()' function. This allows for arbitrary code execution within the host environment.
- COMMAND_EXECUTION (MEDIUM): 'run.js' invokes 'execSync' to run shell commands like 'npm install', providing an additional vector for command injection or system manipulation.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill automatically downloads and installs the Playwright package and Chromium browser binaries from the internet at runtime via 'npm install' and 'npx playwright install'.
- PROMPT_INJECTION (HIGH): The skill processes external web content and possesses dangerous execution capabilities. An attacker-controlled website could use this surface to inject instructions that the agent executes via the 'run.js' wrapper. Evidence: 1. Ingestion: 'page.evaluate' in '.temp-execution-1763157844206.js'. 2. Boundaries: Absent. 3. Capabilities: Subprocess execution and dynamic 'require' in 'run.js'. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata