playwright-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly lets the agent open arbitrary public URLs (e.g., "playwright-cli open " and "tab-new [url]") and captures/inspects page content via snapshots, console/network views and run-code, so it ingests untrusted third-party web content that could carry indirect prompt injections.