playwright-mcp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and snapshots arbitrary web pages using playwright-mcp (see SKILL.md and references/usage-patterns.md examples like "playwright-mcp-cli browser_navigate url=..." and "browser_snapshot"), so it ingests untrusted public web content that the agent reads and can use to drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes and depends on a runtime package fetched-and-executed via npx (npx -y @playwright/mcp@latest, with official source https://github.com/microsoft/playwright-mcp), which fetches remote code at runtime and is required for operation, so it constitutes an external runtime code-execution dependency.