playwright-local

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and scrape arbitrary public websites (see SKILL.md and README.md "Claude Code workflow" and templates like templates/basic-scrape.ts, templates/stealth-mode.ts, and templates/authenticated-session.ts which call page.goto(url) / accept a URL), so the agent will ingest untrusted, user-generated third‑party content and use it to drive decisions and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands that change system state (explicit sudo apt-get install snippets), Dockerfile user creation, and recommendations like --cap-add=SYS_ADMIN and disabling sandbox flags which can bypass host security—so it encourages actions that can modify or weaken the machine's state.