Playwright Browser Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and interacts with user-provided or public URLs (see SKILL.md examples like page.goto(TARGET_URL), detectDevServers(), the broken-links script that requests external hrefs) and the planner/generator/healer agent workflows in node_modules/playwright require exploring and interpreting arbitrary web pages, so untrusted third‑party content can be fetched and used to drive subsequent tool actions.