playwright-cli
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @playwright/mcp package from the official npm registry. This package is maintained by Microsoft, a verified trusted organization.\n- [COMMAND_EXECUTION]: Provides a comprehensive suite of commands via playwright-cli to control browser behavior, including navigation, mouse/keyboard input, and session management.\n- [REMOTE_CODE_EXECUTION]: Includes a run-code command that allows for the execution of arbitrary JavaScript within the browser context. This is an intended feature for automation but requires careful handling of input.\n- [DATA_EXFILTRATION]: Contains features to capture screenshots, export PDFs, and manage persistent browser sessions which may include cookies and local storage.\n- [PROMPT_INJECTION]: Potential surface for indirect prompt injection as the agent parses content from arbitrary URLs.\n
- Ingestion points: Web page content loaded via playwright-cli open.\n
- Boundary markers: Absent.\n
- Capability inventory: Includes run-code, screenshot, and element interaction commands.\n
- Sanitization: Not specified in the skill definition.
Audit Metadata