Skills
skills/replayio/skills/replay-playwright/Gen Agent Trust Hub

replay-playwright

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the Replay browser via npx replayio install and requires the @replayio/playwright package. These are external dependencies not included in the trusted source list.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill instructs the user to configure a remote MCP server located at https://dispatch.replay.io/nut/mcp. This allows an external service to influence agent behavior through tool definitions.
  • COMMAND_EXECUTION (LOW): Multiple commands are executed via Bash tools (npm, npx, yarn, pnpm, bun) to install software and run tests.
  • DATA_EXFILTRATION (LOW): The REPLAY_API_KEY is passed in an Authorization header to the Replay dispatch URL. While this is necessary for the service's functionality, it involves the transmission of sensitive credentials to a non-whitelisted domain.
  • INDIRECT_PROMPT_INJECTION (LOW):
  • Ingestion points: The agent receives data from the mcp__replay tool output.
  • Boundary markers: No specific delimiters or safety instructions are provided to the agent for processing the remote tool's output.
  • Capability inventory: The skill has broad execution capabilities through the permitted Bash tool variants.
  • Sanitization: There is no explicit sanitization logic for data returned from the MCP server.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 07:45 PM