playwright-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly describes navigating arbitrary public URLs and web scraping (e.g., the API example POST /mcp/execute with {"action":"goto","url":"https://example.com"} and the concrete "Web scraping task" using --url 'https://site.com' and page.evaluate()), so the agent will fetch and interpret untrusted third-party web content that can drive subsequent actions.