playwright-human-in-the-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to navigate user-specified websites/management interfaces and to read/interpret page content (see Step 3 "非重大操作" list: "截圖、讀取頁面內容" and repeated use of browser_snapshot via Playwright MCP), so arbitrary third‑party web content can be ingested and influence decisions/actions.