playwright-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's CLI examples and commands accept and output raw session/authentication cookies (e.g., --set "name=value", cookies listing, session files saved to sessions/) so an agent may be required to include secret cookie/session values verbatim in commands or JSON output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly navigates to and ingests arbitrary public web pages (e.g., cmd_open uses page.goto(args.url) and cmd_screenshot/cmd_extract/cmd_html/cmd_eval read and evaluate page content in playwright_skill.py, and SKILL.md even shows scraping news.ycombinator.com), so untrusted third‑party/user‑generated content can be fetched and parsed and could influence subsequent actions.