playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's curl/json commands (e.g., fill with "value":"VAL") instruct the agent to emit form values into requests, so if used to submit passwords or API tokens the LLM would include those secrets verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md and references/commands.md) explicitly allows navigating to arbitrary URLs (navigate/newTab) and reading page content via snapshot, innerHTML, text, and eval, and then driving interactions (click/fill/etc.), so untrusted public web content can be ingested and influence agent actions.