playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples and commands that embed secrets and credentials verbatim (e.g., cookie-set session_id abc123, fill e2 "password123"), so an agent following it would need to include secret values directly in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI and docs (SKILL.md and references/running-code.md / references/session-management.md) show it opens arbitrary URLs, scrapes page content (e.g., "playwright-cli open https://...","return await page.content()", and "Scrape data from multiple pages"), which clearly ingests untrusted public web content that the agent is expected to read and act on, enabling indirect prompt-injection.