playwright-local

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes runnable scraping workflows and templates (e.g., templates/basic-scrape.ts, templates/stealth-mode.ts, templates/authenticated-session.ts, templates/infinite-scroll.ts and the "Claude Code workflow" section) that call page.goto(url) and extract page content (console/JSON output, screenshots) from arbitrary public websites, including social media and news sites. The agent is therefore expected to fetch and read untrusted third-party user-generated content.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands that change system state (explicit sudo apt-get install snippets), Dockerfile user creation, and recommendations such as --cap-add=SYS_ADMIN and flags that disable the sandbox, which can bypass host security. It therefore encourages actions that can modify or weaken the machine's state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 05:31 AM