playwright
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates browser automation to interact with and read content from web applications. This creates an indirect prompt injection surface where instructions embedded in the tested web pages or logs could influence the agent's behavior.
  - Ingestion points: browser content accessed via `Page.GotoAsync` and logs captured via `Page.Console` in `SKILL.md` and `references/workflows.md`.
  - Boundary markers: The provided C# code snippets do not include explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill allows the use of `Bash`, `Write`, and `Edit` tools, which could be exploited if an injection occurs.
  - Sanitization: No sanitization of scraped browser content is demonstrated in the patterns.
- [EXTERNAL_DOWNLOADS]: The CI/CD and setup documentation includes instructions for downloading browser binaries and necessary system dependencies.
  - Evidence: The GitHub Actions configuration in `references/workflows.md` executes `playwright.ps1 install` to fetch Chromium and other dependencies. This is documented as a standard setup step from a well-known vendor.
- [COMMAND_EXECUTION]: The skill requires running various CLI tools to build and execute the test suite.
  - Evidence: Instructions in `SKILL.md` and `references/workflows.md` include the use of `dotnet build`, `dotnet test`, and `dotnet run`, as well as a local script `./run-e2e-tests.ps1` to manage the testing lifecycle.
Audit Metadata