Skills
skills/skillcreatorai/ai-agent-skills/playwright/Gen Agent Trust Hub

playwright

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @playwright/cli package from the official NPM registry using npx in the scripts/playwright_cli.sh wrapper script. This is the standard method for executing this utility and originates from a trusted organization.
  • [COMMAND_EXECUTION]: A local bash script (scripts/playwright_cli.sh) is used to execute the Playwright CLI for tasks such as clicking, typing, and capturing page states.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from untrusted external websites.
  • Ingestion points: Web page content is ingested through snapshot and eval commands as described in SKILL.md and references/workflows.md.
  • Boundary markers: The skill does not provide specific delimiters or instructions to treat web content as data rather than instructions.
  • Capability inventory: The agent can navigate, fill forms, and execute arbitrary JavaScript code via eval and run-code within the browser context, as listed in references/cli.md.
  • Sanitization: There is no evidence of filtering or validation of the content retrieved from web pages before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:49 PM