playwriter
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands using the `playwriter` CLI to initialize sessions, manage browser state, and run JavaScript snippets. It also relies on a dynamic instruction set fetched via the `playwriter skill` command.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to use `npx playwriter@latest` or `bunx playwriter@latest`, which downloads and executes a package from the public NPM registry. This package is maintained by the skill author and serves as a vendor resource.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external websites.
  - Ingestion points: Web page HTML retrieved via `getCleanHTML` and accessibility trees retrieved via `accessibilitySnapshot`.
  - Boundary markers: None specified in the provided instructions.
  - Capability inventory: The agent can execute local shell commands and evaluate JavaScript in a stateful sandbox.
  - Sanitization: No sanitization, filtering, or escaping of ingested web content is mentioned in the skill definition.
Audit Metadata