test-web-ui

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill tells the agent to ask for test credentials and then perform form fills/interactions using CLI/MCP commands (e.g., playwright-cli fill, browser_type), which would require embedding passwords/credentials verbatim into generated commands or tool calls, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and crawls arbitrary public URLs (see SKILL.md Phase 1 Discovery and the Playwright steps) and the provided scripts (scripts/discover.py and scripts/run_tests.py) use page.goto/browser_navigate to load pages, parse headings/links/forms, follow discovered links, and act on page-derived data, so untrusted third‑party content is ingested and can materially influence subsequent tool actions.