multi-user-workflow-generator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user to provide per-persona credentials (plaintext or env var values) and instructs the agent to use those credentials in Playwright CLI "fill" commands and in workflow preconditions, which requires the LLM to emit secret values verbatim in commands and files.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's Phase 5 requires a user-supplied App URL and Phase 6 explicitly drives Playwright CLI to navigate, capture, and interpret live pages/screenshots from that URL (the running app), meaning it fetches and acts on arbitrary third-party web content provided at runtime which can influence subsequent actions.