playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that pass secrets/passwords directly as literal CLI arguments (e.g., cookie-set session_id abc123, fill e2 "password123"), which would require the LLM to emit secret values verbatim in generated commands or scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and navigates to arbitrary external URLs (playwright-cli open/goto in SKILL.md) and contains run-code examples that fetch and scrape page content (references/running-code.md "Scrape data from multiple pages", eval/page.content examples), which the agent is expected to read/interpret and can drive subsequent actions—exposing it to untrusted third-party content that could carry instructions.