playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes examples that place secrets (e.g., "password123", cookie value "abc123") directly in CLI commands and shows retrieving cookies into shell variables (TOKEN=$(playwright-cli --raw cookie-get session_id)), which would require the agent to handle or emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates to arbitrary public URLs (e.g., SKILL.md "playwright-cli open/goto https://..." and references/running-code.md "Scrape data from multiple pages" / page.content() examples), ingests untrusted user-generated web content as part of its workflows, and uses that content (snapshots, eval/run-code results) to drive subsequent actions, so third-party pages could inject instructions that influence tool behavior.