playwright-automate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scraping and automation workflows (e.g., scripts/playwright-scrape.ts, scripts/playwright-form.ts and examples like "playwright-automate scrape https://example.com") navigate to arbitrary public URLs, evaluate and extract DOM content, and use that content to determine success or drive actions, thereby exposing the agent to untrusted third-party page content that could embed instructions.