playwright-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires constructing tool calls like browser_type({ ref: "...", text: "value" }) and browser_fill_form({ fields: [{ ref, value }] }), which would force the LLM to emit any provided secrets (passwords/API keys) verbatim in its tool-call output if used to fill credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflows explicitly call browser_navigate({ url: "..." }) and then require reading browser_snapshot, browser_console_messages, and browser_network_requests to find refs and decide clicks/typing, so the agent fetches and interprets arbitrary third-party web pages and their user-generated content which could contain instructions that influence subsequent actions.