playwright-explore-website

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md requires the agent to "Navigate to the provided URL using the Playwright MCP Server" and to interact with and interpret the site's UI and flows, which means the agent will fetch and act on arbitrary third-party (potentially user-provided/untrusted) web content that could contain instructions influencing its actions.