playwright-cli
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@playwright/mcppackage via npm. This package is maintained by Microsoft, which is a trusted organization. Documentation and source code are hosted on Microsoft's official GitHub repository. - [COMMAND_EXECUTION]: Includes the
playwright-cli run-code <code>command. This enables the execution of JavaScript snippets within the browser's context to facilitate complex automation tasks. This functionality is standard for the tool's primary purpose of browser automation. - [DATA_EXFILTRATION]: The skill can access browser console logs, network traffic, and take screenshots or PDFs via commands like
playwright-cli console,playwright-cli network, andplaywright-cli screenshot. This is consistent with its role as a testing and automation tool. - [PROMPT_INJECTION]: As a tool designed to interact with external web content using
playwright-cli open, it possesses an indirect prompt injection surface. - Ingestion points: Web content is ingested through the
openandsnapshotcommands. - Boundary markers: None identified in the skill configuration.
- Capability inventory: The tool can execute scripts (
run-code), write files (screenshot,pdf), and access network data. - Sanitization: No specific sanitization or filtering of web-based instructions is described.
Audit Metadata