playwright-browser-evaluate
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill exposes the `browser_evaluate` tool, which accepts a `function` argument containing raw JavaScript code to be executed in the page context. This allows for arbitrary code execution within the browser sandbox.
- [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it interacts with external web content.
  - Ingestion points: Untrusted data enters the context via page content processed by Playwright (SKILL.md).
  - Boundary markers: None identified in the provided tool schema.
  - Capability inventory: The skill can execute arbitrary JavaScript in the browser, which can be used to click elements, fill forms, or exfiltrate data from the page.
  - Sanitization: There is no evidence of sanitization or sandboxing beyond the browser's own security model for the provided JavaScript strings.
Audit Metadata