using-playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill includes examples and workflows that embed plaintext credentials (e.g., fill e12 "password123") and would require the agent to generate CLI commands containing user passwords/cookies/storage values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's instructions (e.g., SKILL.md "Quick Examples" showing "open https://example.com/products" and "Read the snapshot output to extract data", plus references/workflows.md describing the snapshot-first loop) explicitly direct the agent to open arbitrary web URLs, ingest snapshot output from those public pages, and use that untrusted page-derived content (element refs/data) to decide and drive subsequent interactions, exposing it to indirect prompt injection from third-party content.