playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to navigate and scrape arbitrary target URLs (e.g., references/ad-hoc-automation.md: "Ask for the target URL" and "page.goto(url, ...)" and references/link-checking.md which collects hrefs and may "navigate" external links), which exposes the agent to untrusted public web content that it will read/interpret.