electron
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
playwright-cli run-codeto execute arbitrary Playwright/JavaScript logic. This is a primary feature for handling complex automation scenarios but constitutes a dynamic execution vector within the automated application's context. - [EXTERNAL_DOWNLOADS]: The skill uses
npx playwright-cli, which may download and execute theplaywright-clipackage from the public NPM registry at runtime if it is not already present on the system. - [COMMAND_EXECUTION]: The skill provides instructions for process management using
kill,ps, andlsof. It includes specific 'Critical Safety Rules' to ensure the agent does not terminate its own process or other critical system components. - [REMOTE_CODE_EXECUTION]: A command pattern pipes JSON data from a local endpoint (
http://localhost:9222/json) directly intopython3. Although the Python code is provided as a local argument via-c, this pattern processes external (network-derived) data through a language interpreter.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost:9222/json - DO NOT USE without thorough review
Audit Metadata