playwright-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's Authentication Flow explicitly instructs the agent to type a username and plaintext password into fields (browser_type password), which requires the agent to include secret values verbatim in its tool calls/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "browser_navigate" to target URLs and use the "Web Scraping" pattern (browser_snapshot, browser_evaluate) to ingest and act on arbitrary public web page content, exposing it to untrusted third-party pages that could contain injected instructions.