playwright-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples that embed plaintext credentials (e.g., page.fill(..., "secret")) and describes automating logins/form submissions, which encourages producing scripts that include real secrets verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to navigate arbitrary websites and scrape or extract web content (e.g., page.goto("https://..."), "Scraping web content or extracting data", page.accessibility.snapshot(), and page.evaluate()), which means it will fetch and interpret untrusted public third‑party pages as part of its workflow and those pages could contain instructions that influence actions.