playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes command examples that embed sensitive values verbatim (e.g., fill "password123", cookie-set session_id abc123, state-save/auth.json), which requires the agent to output or handle secrets directly in generated CLI commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core workflow and examples (SKILL.md "playwright-cli open ", tab-new, and references/running-code.md examples like page.content() and the "Scrape data from multiple pages" run-code snippet) show it fetches and reads arbitrary public websites and user-generated content which the agent is expected to interpret and use to drive clicks, form fills, test-generation, and other actions—allowing untrusted third-party content to materially influence tool behavior.