playwright
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration instructs the use of
npx @playwright/mcp@latest, which fetches the Playwright MCP package from a well-known package registry. - [COMMAND_EXECUTION]: The tool setup involves executing shell commands through
npxto initialize the automation server. - [PROMPT_INJECTION]: The skill processes data from arbitrary external websites, which presents a surface for indirect prompt injection attacks. Ingestion points: Capability to 'Read page content' and 'extract text' from external URLs as described in
SKILL.md. Boundary markers: No delimiters or instructions to disregard embedded commands are specified in the provided guidelines. Capability inventory: The skill allows for navigation, form interaction, element clicking, and data extraction. Sanitization: No mechanisms for filtering or sanitizing content retrieved from websites are mentioned before the data is processed by the agent.
Audit Metadata