webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires `pip install playwright` and `playwright install chromium`. While Playwright is a trusted, standard industry tool, it involves downloading and executing external binaries.
- Indirect Prompt Injection (LOW): The skill processes untrusted data from external websites, which could contain malicious instructions designed to manipulate the AI agent.
  - Ingestion points: `scripts/playwright_runner.py` ingests data from arbitrary URLs via `page.goto()` and extracts elements like `page.title()`.
  - Boundary markers: Absent. The script returns raw content from the web page without delimiters or instructions to the agent to ignore embedded commands.
  - Capability inventory: The skill is granted `Bash`, `Write`, and `Edit` permissions, providing a high-impact target if an injection succeeds.
  - Sanitization: None. The script extracts and returns page metadata and text directly to the agent's context.
- Command Execution (SAFE): The skill uses `Bash` to run its internal Python scripts. The logic in `scripts/playwright_runner.py` is focused on browser automation and does not exhibit malicious command construction or privilege escalation patterns.
Audit Metadata