playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples that embed secrets/passwords directly in CLI commands (e.g., cookie-set session_id abc123 and fill e2 "password123"), which would require the agent to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates to arbitrary public URLs (e.g., SKILL.md "playwright-cli open/goto https://...") and its workflows and refs (references/running-code.md and SKILL.md snapshots/scrape examples like "return await page.content()" and "scrape data from multiple pages") ingest and act on untrusted, user-generated web content which can influence subsequent actions.