playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's CLI-first patterns (e.g., "$PWCLI" fill e2 "password123") demonstrate and require embedding credentials or form secrets as literal command arguments, so an agent would likely need to include user-provided secrets verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "Core workflow" and the references/workflows.md and references/cli.md) directs the CLI to open arbitrary public URLs (e.g., "$PWCLI open https://playwright.dev" and examples like https://example.com) and to snapshot/eval page content and interact with DOM elements, meaning untrusted third-party webpages can be ingested and drive subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The wrapper script runs "npx --package @playwright/cli playwright-cli", which at runtime fetches and executes the @playwright/cli package from the npm registry (e.g. https://registry.npmjs.org/@playwright/cli), so remote code is executed and is required for the skill.