playwright
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'run.js' utility provides a mechanism for dynamic code execution. It accepts JavaScript code via files or arguments, wraps it in a template, and executes it using the Node.js dynamic import function.
- [EXTERNAL_DOWNLOADS]: The skill's setup process installs the Playwright framework and downloads browser binaries from official package registries.
- [COMMAND_EXECUTION]: Multiple scripts and instructions use shell commands for tasks such as environment setup, server detection, and running the automation engine. The 'run.js' file uses 'child_process.execSync' for automated installations.
- [DATA_EXFILTRATION]: The skill includes tools to extract data from websites, such as 'extractTableData' and 'takeScreenshot' in 'lib/helpers.js'. These capabilities can be used to capture sensitive information if the agent visits untrusted or malicious URLs.
- [PROMPT_INJECTION]: Because the skill processes content from external websites, it is vulnerable to indirect prompt injection. Malicious instructions hidden in a website's HTML could attempt to manipulate the agent's behavior or exfiltrate data from the browser session.
Audit Metadata