skills-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Playwright Pro skill (assets/skill-templates/playwright-pro/SKILL.md and README) explicitly requires connecting to a local browser CDP and running connect-cdp.js / npm run debug:connect to read and analyze arbitrary web pages' DOM, network requests, console logs and performance (i.e., third‑party webpages the user opens), which are untrusted external content the agent is expected to interpret and which can materially influence its analysis and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Playwright Pro skill includes an explicit runtime invocation that will fetch and execute remote code via npx (example: "npx @playwright/mcp@latest" in the MCP config / setup), so the skill depends at runtime on externally fetched code that will be executed (@playwright/mcp@latest), which meets the criteria for a risky external runtime dependency.