playwright-cli
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `run-code` command allows for the execution of arbitrary JavaScript within the browser environment. This provides a powerful dynamic execution surface that could be abused if the agent is directed to run untrusted code.
- [DATA_EXFILTRATION]: Commands such as `state-save`, `cookie-get`, and `localstorage-get` provide access to sensitive browser session data. If redirected, this information (including authentication tokens) could be exposed or saved to files.
- [COMMAND_EXECUTION]: The skill utilizes a set of `playwright-cli` commands to interact with the system and browser. The `allowed-tools` configuration scopes this to the `playwright-cli` binary.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes content from external websites.
  * Ingestion points: `playwright-cli snapshot`, `playwright-cli eval`, and `playwright-cli run-code` results.
  * Boundary markers: None identified in the instruction set.
  * Capability inventory: Includes full browser navigation, interaction, file system writes (screenshots, PDFs, state files), and network request modification.
  * Sanitization: No explicit content sanitization or instruction filtering is documented for web page data before it is returned to the agent context.
Audit Metadata