webapp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the
playwrightPython package and the execution ofplaywright install chromiumto download browser binaries. While these are standard tools for web testing, they involve fetching third-party code and executables at runtime. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it navigates to and processes content from external URLs provided at runtime.
- Ingestion points:
scripts/playwright_runner.pyingests untrusted data from the web viapage.goto(url). - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the processed page content.
- Capability inventory: The skill allows
Bash,Write,Edit, andGreptools, which provide a significant attack surface if an agent is successfully subverted. - Sanitization: Absent. The script extracts page titles and content without sanitizing potential instructions.
- DATA_EXFILTRATION (LOW): The script allows the agent to navigate to any URL. This creates a surface for Server-Side Request Forgery (SSRF), where an attacker could potentially use the agent to probe internal network services or cloud metadata endpoints (e.g., 169.254.169.254).
Audit Metadata