playwright-e2e
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes local scripts such as
./scripts/dev-runner.shand Playwright CLI commands. While intended for environment setup, executing arbitrary local scripts carries inherent risk if the script content is not verified. - EXTERNAL_DOWNLOADS (MEDIUM): The skill triggers
npm installandnpx playwright install chromium, which download and install external packages and browser binaries. Without a lockfile or pinned versions specified in the skill, this introduces a dependency on external registries. - DYNAMIC_EXECUTION (MEDIUM): The core workflow involves the 'Generator' phase, which writes executable TypeScript files (
.spec.ts). This code is dynamically created by an AI agent and subsequently intended for execution, which is a significant security surface. - INDIRECT_PROMPT_INJECTION (LOW):
- Ingestion points: The 'Planner' agent reads data from a running web application's UI to generate test specifications.
- Boundary markers: No specific delimiters or safety instructions are mentioned to separate untrusted UI data from the test generation logic.
- Capability inventory: The workflow includes the ability to write files to the filesystem and execute them via the Playwright runner.
- Sanitization: There is no evidence of sanitization for the data scraped from the UI before it is used to generate executable code.
Audit Metadata