playwright-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The Playwright tests load pages using a base URL taken from .env.local or environment variables (e.g., APP_SERVER_URL / BASE_URL) and then navigate, inspect DOM, console logs, and network responses with page.goto("/") and related calls, so if that base URL points to a public or user-provided site the skill will ingest untrusted third‑party content.