playwright-browser-hover
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no executable code, scripts, or binary files, functioning only as a metadata definition and usage guide for an external Playwright-based tool.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection. 1. Ingestion points: The 'ref' and 'element' arguments in SKILL.md are populated from external web page snapshots. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the arguments schema. 3. Capability inventory: The tool facilitates interaction with a web browser (hovering). 4. Sanitization: No input validation or sanitization logic is defined for the external references.
Audit Metadata