playwright-cli

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [External Downloads] (MEDIUM): The skill instructions specify the installation of @playwright/cli globally via npm. This specific package name is not an official Microsoft Playwright package (the official one is @playwright/test), making it an unverified and potentially untrusted dependency.
  • [Remote Code Execution] (MEDIUM): The eval and run-code commands facilitate the execution of arbitrary JavaScript within the browser context. This dynamic code execution capability, while functional, poses a security risk if the agent is tricked into executing malicious scripts.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted content from external websites, which could contain malicious instructions.
  • Evidence Chain:
      1. Ingestion points: Browser content is retrieved via snapshot, console, and network commands.
      2. Boundary markers: None identified; the agent cannot distinguish between page content and control instructions.
      3. Capability inventory: The skill provides powerful interaction tools including click, fill, and eval.
      4. Sanitization: There is no mechanism to sanitize or validate the external content before it is presented to the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:32 PM