Security risk report for @forgecat/openai_skills_playwright v0.0.10
Source Integrity
Low
Profile is attributed to OpenAI's official skills repository with a specific commit hash and Apache-2.0 license.
Source is a well-known, legitimate open-source project with clear provenance and no indicators of tampering.
Agent Intent
Low
Content describes legitimate browser automation workflows (navigation, form filling, snapshots, screenshots) without injecting hidden instructions or role hijacking.
No directives to read credentials, exfiltrate data, reveal system prompts, or install malicious payloads.
Guidance recommends standard Playwright CLI patterns and best practices (snapshot before refs, re-snapshot on stale refs, prefer CLI over eval) — these are security-conscious guardrails, not poisoning.
Details
Evidence
Guardrails section: 'Always snapshot before referencing element ids', 'Prefer explicit commands over eval and run-code unless needed'
No instructions to bypass security, disable verification, or weaken defaults.
Permissions
PRM-000Medium
Profile declares no explicit tools/hooks, but the skill implicitly assumes shell execution authority to run playwright-cli commands (open, click, fill, eval, run-code, etc.).
The `eval` and `run-code` commands allow arbitrary JavaScript execution in the browser context, which is broad but contextually appropriate for browser automation.
Authority is narrowly scoped to browser automation workflows and does not request file system mutation, deletion, or unrestricted network access beyond the target website.
Details
Evidence
Skill description: 'automating a real browser from the terminal (navigation, form filling, snapshots, screenshots, data extraction, UI-flow debugging)'
CLI reference includes 'eval' and 'run-code' commands for JavaScript execution within the browser.
Guardrails discourage overuse of eval: 'Prefer explicit commands over eval and run-code unless needed.'
MCP Risk
Low
No MCP servers are declared in the profile.
The skill relies on the bundled Playwright CLI wrapper script and standard npm/npx tooling, both well-known and legitimate.