develop-web-game

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Playwright client calls page.goto(args.url) (the user-supplied --url target, e.g. the example http://localhost:5173) at runtime, meaning the skill will load and execute arbitrary remote webpage JavaScript as a required part of the test loop, so an external URL supplied to --url can run remote code during skill execution.