playwright-browser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly lists "Web scraping / content extraction" and the Usage Pattern step "Navigate: browser_navigate to target URL" (plus tools like browser_click and browser_evaluate) which shows the agent will fetch and interpret arbitrary public web pages whose user-generated/untrusted content could influence subsequent actions.