Skills
skills/sickn33/antigravity-awesome-skills/playwright-skill/Gen Agent Trust Hub

playwright-skill

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The run.js file implements a universal executor that accepts JavaScript code as a string or file, writes it to a temporary file (.temp-execution-*.js), and executes it using the Node.js require() function.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external websites and developer servers that could contain malicious instructions.
  • Ingestion points: Data enters the agent's context via page.goto() and subsequent interactions with web pages defined by user-provided or auto-detected URLs.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the content retrieved from web pages.
  • Capability inventory: The skill possesses the ability to execute arbitrary JavaScript, interact with DOM elements, fill forms, and manage browser contexts.
  • Sanitization: No sanitization or validation of the content fetched from the browser is performed before it is presented to the agent.
  • [COMMAND_EXECUTION]: The skill utilizes child_process.execSync in run.js to perform setup tasks, such as installing packages and browser binaries. It also relies on shell-based execution for running the generated Playwright scripts.
  • [EXTERNAL_DOWNLOADS]: The setup script in package.json downloads the playwright dependency from the NPM registry and fetches browser binaries from official Microsoft/Playwright sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 05:02 PM