playwright-local

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill includes numerous templates and workflows (e.g., templates/basic-scrape.ts, templates/stealth-mode.ts, templates/authenticated-session.ts and the "Claude Code" workflow) that use page.goto() and scrape arbitrary public URLs (including social media and public sites referenced in references/common-blocks.md), so the agent fetches and ingests untrusted, user-generated third‑party web content and is expected to read/interpret it as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes commands that change system state (explicit sudo apt-get install snippets), Dockerfile user creation, and recommendations like --cap-add=SYS_ADMIN and disabling sandbox flags which can bypass host security—so it encourages actions that can modify or weaken the machine's state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 10:24 PM