playwright-extension-testing
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in 'references/xvfb-guide.md' instructs users to execute 'sudo apt-get install', which grants elevated privileges to the installation process.
- [COMMAND_EXECUTION]: In 'assets/boilerplate/extension-helper.ts', the browser is launched with '--no-sandbox' and '--disable-setuid-sandbox' arguments, which disable essential security boundaries within the Chromium browser.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of external system dependencies and Node.js packages via 'apt-get' and 'yarn'.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting untrusted data from the browser environment.
- Ingestion points: Browser console logs are captured and printed to the terminal in 'assets/boilerplate/extension-helper.ts' via 'page.on("console", ...)'.
- Boundary markers: No delimiters or instructions are used to separate browser-generated content from agent commands.
- Capability inventory: The agent has the capability to execute browser commands, navigate to URLs, and modify extension storage.
- Sanitization: There is no evidence of filtering or sanitization of strings captured from the browser console before they are processed or logged.
Audit Metadata