playwright-cli
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs global installation of the @anthropic-ai/playwright-cli package and uses Playwright's native installer to download the Chromium browser. These resources originate from trusted organizations.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage browser sessions, including cleanup of stale sessions and configuration of browser settings.
- [REMOTE_CODE_EXECUTION]: Through the run-code command, the skill allows for the execution of arbitrary JavaScript within the Playwright environment. This is used to handle advanced automation tasks such as waiting for specific network responses or complex DOM manipulations.
- [PROMPT_INJECTION]: There is a risk of indirect prompt injection as the skill is designed to ingest and act upon content from external websites.
  - Ingestion points: Data retrieved via open, snapshot, and screenshot commands, as well as console and network logs.
  - Boundary markers: None are specified to separate web content from instructions.
  - Capability inventory: The skill has extensive control over the browser, can execute scripts, and install packages.
  - Sanitization: The skill does not implement specific sanitization routines for the data it extracts from the web.