Skills
skills/supercent-io/skills-template/playwriter/Snyk

playwriter

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed sensitive tokens directly in CLI commands and MCP config (e.g., --token my-secret, PLAYWRITER_TOKEN in JSON), which would require the agent to include secret values verbatim in generated commands/configs — a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill exposes high-risk backdoor-like capabilities — arbitrary JavaScript execution against a user's live, authenticated browser (via -e / MCP execute), an auto-starting localhost WebSocket relay and optional remote relay/tunneling with token auth, plus explicit access to existing logins/cookies, network interception, and session persistence — any of which can be used to steal credentials, exfiltrate data, or enable remote control of a user's browser if misused or if the package/extension is compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's core workflow and MCP/expose execute tool explicitly run Playwright commands like page.goto(...) and snapshot()/getPageMarkdown() against arbitrary web URLs (see SKILL.md "Navigate and observe", the -e/--eval examples, and "Built-in globals"), so the agent will fetch and interpret untrusted public web content which can directly influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 10, 2026, 09:59 AM