playwright-skill

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to navigate to arbitrary TARGET_URLs and perform a "Reconnaissance‑Then‑Action" flow (e.g., page.goto(TARGET_URL), page.locator(...).textContent(), clicking discovered buttons) and to scan/exercise external links (links with href^="http" and page.request.head), meaning it fetches and interprets untrusted public web content (third‑party pages) which can directly drive subsequent automated actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 04:15 AM
Issues: 1