playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's commands include examples that embed secrets verbatim (e.g., cookie-set session_id abc123, fill e2 "password123"), which instruct the agent to emit or copy plaintext credentials directly into CLI commands or page interactions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates arbitrary URLs (playwright-cli open / goto in SKILL.md), executes custom page scripts and scrapes content (run-code and page.content() / scraping examples in references/running-code.md), and records snapshots/traces of page DOM and network, so it ingests untrusted public web content that could carry indirect prompt injection.