Trust Assessment
go-playwright received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Untrusted content contains direct instructions for the agent" and "Unpinned dependency in setup instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Untrusted content contains direct instructions for the agent | The skill description includes explicit instructions and a 'Summary Checklist for Agent' that dictates how the LLM should generate code and behave when using this skill. These instructions originate from untrusted input and could manipulate the LLM's decision-making process, potentially leading to unintended or insecure code generation if the instructions were malicious or poorly designed. | Remove direct instructions for the LLM from untrusted skill content. Instead, define the skill's capabilities and parameters in a structured format (e.g., tool definition or manifest), allowing the LLM to decide how to best use them based on its core instructions. Avoid embedding behavioral directives within free-form descriptions. | LLM | SKILL.md:67 |
| MEDIUM | Unpinned dependency in setup instructions | The recommended installation command for Playwright drivers uses `@latest` (`go run github.com/playwright-community/playwright-go/cmd/playwright@latest install --with-deps`). This practice can lead to non-deterministic builds and introduces a supply chain risk, as future versions of the dependency could introduce vulnerabilities or breaking changes without explicit review, impacting the security and stability of the environment where the skill operates. | Pin the dependency to a specific version (e.g., `playwright@v1.39.0`) to ensure deterministic and secure builds. Regularly review and update pinned versions after verifying their integrity and compatibility. | LLM | SKILL.md:22 |