mcp-playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow and prompt templates explicitly instruct the agent to "Open " and navigate pages to assert DOM content and collect console logs, which requires loading and interpreting arbitrary third-party web pages (open URLs) as part of its checks and therefore exposes the agent to untrusted user-generated/public web content (SKILL.md "Typical Workflows" and "Prompt Templates").