browsing-with-playwright

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The file scripts/start-server.sh uses npx @playwright/mcp@latest to download and execute code from the npm registry at runtime, which is an unverified external source.
  • [REMOTE_CODE_EXECUTION] (HIGH): The browser_run_code tool allows the agent to execute arbitrary JavaScript strings, providing a direct vector for dynamic code execution.
  • [PROMPT_INJECTION] (HIGH): (Indirect Prompt Injection) The skill possesses a high-risk attack surface where untrusted data enters the context via browser_navigate and browser_snapshot (ingestion points) without boundary markers or sanitization. Combined with capabilities like browser_run_code, browser_fill_form, and browser_click (capability inventory), this allows malicious websites to hijack the agent's session.
  • [COMMAND_EXECUTION] (MEDIUM): The start-server.sh and stop-server.sh scripts use shell commands and pkill to manage processes, which could be manipulated if the environment or arguments are influenced by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:38 PM