playwright-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows runtime commands that fetch and operate on arbitrary public URLs (e.g., "npx playwright codegen https://example.com", "npx playwright screenshot ... https://example.com") and even instructs using tests to "programmatically navigate, click 'Load More', extract DOM, and save JSON", so the skill ingests untrusted third‑party web content that could influence actions.