playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's CLI-first patterns (e.g., "$PWCLI" fill e2 "password123") demonstrate and require embedding credentials or form secrets as literal command arguments, so an agent would likely need to include user-provided secrets verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill drives a real browser and explicitly opens arbitrary URLs and evaluates page content (e.g., "pwcli open " and "pwcli eval 'el => el.textContent'"), so it can fetch and read untrusted public web pages and user-generated content that could carry indirect prompt injections.