playwright-recording

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to arbitrary public websites (e.g., page.goto(CONFIG.url / page.goto('https://myapp.com' / 'https://example.com')), interact with DOM (waitForSelector, click, fill), dismiss cookie banners using selector lists, and run page.evaluate to read page state—meaning it fetches and interprets untrusted third‑party web content as part of its workflow, which can materially influence subsequent actions.