playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and command patterns that require embedding plaintext secrets into CLI commands (e.g., playright-cli fill e15 "password123"), which would force the LLM to handle and emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to navigate arbitrary URLs with commands like "playwright-cli goto " and to save and read page snapshots (e.g., .playwright-cli/snapshot.yaml and examples such as "Read the snapshot to find element refs" and multi-tab "Read docs"), which means untrusted public web content can be ingested and directly influence subsequent clicks/fills and tool use, enabling indirect prompt injection.