playwright-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's instruction file (
SKILL.md) directs the agent to fetch content fromhttps://raw.githubusercontent.com/vitalics/playwright-labs/tree/main/packages/playwright-best-practices/AGENTS.mdat runtime. The GitHub accountvitalicsis not included in the trusted organizations list, making the remote instructions an unverifiable dependency.\n- PROMPT_INJECTION (LOW): This skill exhibits a significant surface for Indirect Prompt Injection. It is explicitly designed to retrieve and obey 'rules and output format instructions' from a remote URL that is not under the control of the skill user or a trusted entity.\n - Ingestion points:
SKILL.md(viaWebFetchof the remoteAGENTS.mdfile) and local code files provided by the user for review.\n - Boundary markers (absent): There are no delimiters or explicit instructions provided to the agent to treat the fetched content as data rather than active instructions, nor are there warnings to ignore embedded commands.\n
- Capability inventory: The agent has the capability to read local files, fetch remote web content, and generate formatted output based on user-provided code.\n
- Sanitization (absent): No validation, escaping, or filtering is performed on the content retrieved from the remote URL before it is applied to the agent's logic flow.
Audit Metadata