run-playwright
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The
run-codecommand allows for the execution of arbitrary asynchronous JavaScript functions using the Playwrightpageobject, which can perform actions like waiting for elements or saving downloads. Evidence found inSKILL.mdandreferences/async-and-advanced.md. - [COMMAND_EXECUTION]: The
evalcommand enables the execution of JavaScript expressions within the browser's context to retrieve live page data or verify input states. Evidence found inreferences/debugging.mdandreferences/form-and-data.md. - [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@anthropic-ai/playwright-clipackage from the NPM registry. This originates from a trusted organization and is documented neutrally. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content and accessibility trees from external, untrusted websites. 1. Ingestion points: The
snapshotandscreenshotcommands inSKILL.mdingest external web content into the agent's context. 2. Boundary markers: No explicit delimiters or ignore-instructions warnings are provided. 3. Capability inventory: Arbitrary code execution viarun-codeinreferences/async-and-advanced.md, file uploads viauploadinreferences/form-and-data.md, and file-system writes viadownload.saveAsinreferences/async-and-advanced.md. 4. Sanitization: No evidence of escaping or validation of external content. - [DATA_EXFILTRATION]: The skill provides patterns for extracting sensitive browser data, such as session cookies, and saving remote files to the local machine. Evidence:
await page.context().cookies()recipe for cookie extraction andawait download.saveAs()for file storage inreferences/async-and-advanced.md.
Audit Metadata