browsing-with-playwright

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [External Downloads] (HIGH): The scripts/start-server.sh file uses npx @playwright/mcp@latest. This command downloads and executes the most recent version of an external package from the npm registry without version pinning or integrity checks.
  • [Remote Code Execution] (HIGH): The browser_run_code tool (documented in SKILL.md) allows for the execution of arbitrary JavaScript functions within the server context. An attacker could use this to execute malicious code on the host system via the browser automation framework.
  • [Command Execution] (MEDIUM): The skill relies on shell scripts (start-server.sh, stop-server.sh) that wrap various system commands like npx, pkill, and python3 to manage background processes.
  • [Indirect Prompt Injection] (LOW): The skill is designed to scrape and interact with web content. It is vulnerable to instructions hidden in websites that could be interpreted by the agent.
    1. Ingestion points: Web content retrieved via browser_snapshot and browser_evaluate in SKILL.md.
    2. Boundary markers: None identified.
    3. Capability inventory: Arbitrary JS execution (browser_run_code), navigation, and interaction in SKILL.md.
    4. Sanitization: None identified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 10:31 PM