browsing-with-playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed literal credential values (e.g., "password123" in browser_fill_form JSON), which instructs the agent to place secrets verbatim into commands/requests and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill intentionally navigates to arbitrary URLs and extracts page content (see browser_navigate which accepts any "url", browser_snapshot which returns page text, and browser_run_code / browser_evaluate which run script on pages), so the agent will fetch and interpret untrusted public third‑party web content.