playwright-interactive

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill explicitly instructs the user to disable security sandboxing using the --sandbox danger-full-access flag, which is a direct request to override the agent's safety boundaries.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through data ingestion at page.goto(TARGET_URL) in SKILL.md. It lacks boundary markers and sanitization while maintaining high capabilities including subprocess execution and REPL access.
  • [COMMAND_EXECUTION]: The setup process executes local shell commands such as npm install, npx playwright install, and npm init within the user's workspace.
  • [REMOTE_CODE_EXECUTION]: Employs dynamic code execution via js_repl for browser automation and launches local Electron binaries using electronLauncher.launch with arbitrary arguments.
  • [EXTERNAL_DOWNLOADS]: Fetches browser binaries and Node.js packages from public registries during the initialization phase.
  • [SAFE]: Dependencies and resources are sourced from trusted organizations, specifically Microsoft for the Playwright library.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 8, 2026, 11:00 AM