go-playwright
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to download and install Playwright drivers and browser binaries using the command
go run github.com/playwright-community/playwright-go/cmd/playwright@latest install --with-deps. This targets a well-known community repository associated with the Playwright project. - [COMMAND_EXECUTION]: The implementation of the skill requires the execution of system-level commands to install the necessary browser engines and dependencies required for the Playwright library to function.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external, untrusted websites, which serves as a potential surface for indirect prompt injection attacks.
- Ingestion points: Content from any URL targeted for scraping or automation (e.g.,
page.Goto). - Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from interpreting instructions found within the scraped content.
- Capability inventory: Full browser control including JavaScript execution, network requests, and cookie management via the Playwright Go API.
- Sanitization: Absent. There is no mention of filtering or sanitizing the data retrieved from web pages before it is processed by the agent.
Audit Metadata