playwright-bowser

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly drives a headless browser to open and interact with arbitrary public URLs (e.g., "playwright-cli -s= open " in SKILL.md and the docs/playwright-cli.md demo examples like "open https://demo.playwright.dev/todomvc/" and "open https://mystore.com"), snapshots pages to obtain element refs, and then makes decisions/actions based on that live, untrusted third‑party content, so it clearly exposes the agent to indirect prompt injection from web content.