playwright-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to arbitrary public web content via commands like "playwright-cli open " (and related page interaction and "playwright-cli run-code") so the agent will fetch and read/execute untrusted third‑party pages/JS from the open web.