playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and commands directly embed sensitive values (e.g., fill "password123", cookie-set session_id abc123), which instruct the agent to place secret credentials verbatim into CLI commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates arbitrary public URLs (e.g., SKILL.md "playwright-cli open/goto https://example.com") and its references (references/running-code.md "Scrape data from multiple pages" and examples returning page.content() / generated actions) show the agent ingesting and acting on untrusted, user-generated web content, which can materially influence subsequent tool actions.