High-risk tools in Playwright Autopilot
20 of the 51 tools in Playwright Autopilot are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- browser_batch (Execute): Execute multiple browser actions in one call. PREFERRED over individual click/type calls — dramatically reduces round-trips and tokens. Use
- browser_navigate (Execute): Navigate to a URL in the browser. Launches the browser if not already open.
- browser_navigate_back (Execute): Navigate back in browser history.
- e2e_build_flows (Execute): Run each test individually with action capture and auto-save flows. Discovers all tests (optionally filtered by project/grep), skips tests that already have up-to-date flows, ru...
- e2e_run_test (Execute): Run Playwright tests. When location is provided, runs a specific test with action capture for deep debugging. When location is omitted, runs all tests (optionally filtered by pr...
- e2e_start_flow (Execute): Start recording a browser exploration flow. Every browser action (navigate, click, type, etc.) will be recorded as a step. Use e2e_end_flow when done to save the flow. Optionall...
- browser_hover (Execute): Hover over an element on the page.
- browser_replay_flow (Execute): Replay saved flows using stored locators — no ARIA snapshots returned. Minimal token usage. On failure, captures snapshot at the failing step for diagnosis. Chain multiple ...
- browser_tabs (Execute): List, select, or close browser tabs. Actions:
- e2e_bisect (Execute): Find the commit that broke a test using behavioral bisection. Runs binary search through git history, comparing action captures to identify what changed. Uses git worktrees (nev...
- e2e_explore (Execute): Automatically crawl a web app to discover page templates, navigation flows, and API calls. Uses headless Playwright with ARIA snapshots (no images) and structural similarity for...
- browser_click (Execute): Click an element on the page. For multiple clicks, prefer browser_batch instead.
- browser_close (Execute): Close the browser and clean up resources.
- browser_file_upload (Execute): Upload one or more files to a file chooser. The file chooser must be visible first (triggered by clicking a file input). Use absolute file paths.
- browser_fill_form (Execute): Fill multiple form fields in one call. Fields can be addressed by ref (from snapshot) or by label (accessible name). Supports text inputs, checkboxes, radio buttons, and dropdow...
- browser_press_key (Execute): Press a key or key combination (e.g. Enter, Escape, Tab, ArrowDown, Control+a).
- browser_restore_session (Execute): Restore a previously saved browser session. Creates a new browser context with saved cookies/localStorage, re-applies headers, and navigates to the saved URL.
- browser_select_option (Execute): Select an option from a dropdown element.
- browser_set_headers (Execute): Set extra HTTP headers for browser requests. Headers are automatically scoped to same-origin requests only, so they won
- browser_type (Execute): Type text into an input field. For multiple fields, prefer browser_fill_form or browser_batch instead.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.