playwright-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to use commands like "playwright-cli open " and "playwright-cli goto" to navigate and interact with arbitrary public web pages, meaning the agent will fetch and read untrusted third-party web content that could contain instructions influencing subsequent actions.