playwright-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly allows loading arbitrary external content — e.g., the trace viewer CLI accepts remote trace URLs ("playwright show-trace https://example.com/trace.zip" in trace_system_guide.md) and the MCP/CLI tool framework (tools.md + navigate.ts and defineTabTool examples) lets the agent call navigation tools that perform page.goto and include page snapshots, so the agent will fetch and interpret untrusted third‑party web/user-generated content that can influence subsequent tool actions.