playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and CLI commands (e.g., "pwcli open https://example.com" and related snapshot/eval commands in SKILL.md and references/*.md) explicitly open and interact with arbitrary public web pages and evaluate/extract page content, meaning untrusted third-party content can be read and used to drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The wrapper script invokes npx to fetch and run the npm package @playwright/mcp at runtime (e.g. via "npx --package @playwright/mcp playwright-cli", which pulls code from the npm registry such as https://registry.npmjs.org/@playwright/mcp), so remote code is downloaded and executed and the skill depends on it.