playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Contains explicit examples embedding sensitive values verbatim (e.g., fill e2 "password123" and cookie-set session_id abc123), which instruct the agent to include secrets directly in commands/outputs and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and ingests arbitrary public web pages (e.g., commands like "playwright-cli open https://example.com", "playwright-cli goto ", "playwright-cli tab-new https://example.com/page") and provides snapshot/eval commands that require reading and acting on page content, exposing the agent to untrusted third-party content that could enable indirect prompt injection.