Skills
NYC
skills/shipshitdev/library/playwright-e2e-init/Gen Agent Trust Hub

playwright-e2e-init

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill analyzes existing project files to generate tests and subsequently modifies CI/CD workflow files.
  • Ingestion points: Project source code and application pages are read by the agent to 'Create example tests for existing pages'.
  • Boundary markers: None. The agent processes raw application code without delimiters or safety instructions to ignore embedded commands.
  • Capability inventory: The skill has the authority to modify GitHub Actions YAML files, edit package.json scripts, and write new executable test files.
  • Sanitization: No sanitization or validation of the ingested code is performed before the agent updates the CI/CD configuration.
  • Risk: An attacker could place malicious instructions in application comments or metadata that trick the agent into adding exfiltration steps or backdoors to the GitHub Actions workflow during the setup process.
  • [COMMAND_EXECUTION] (MEDIUM): The skill configures a webServer command (bun run dev) inside playwright.config.ts and adds several npm scripts to package.json. While standard for E2E testing, this provides a mechanism for local command execution that is automatically triggered during testing.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the @playwright/test package and browser binaries using bun and bunx. Because Playwright is maintained by Microsoft (a trusted organization), the severity of this external dependency is downgraded to LOW.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:31 PM