playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs browsing and scraping arbitrary public websites (e.g., SKILL.md description "web scraping" and references/advanced-topics.md "Scraping Workflow" which calls page.goto(url) and pipes results into Claude Code), and shows workflows that ingest and analyze third‑party page content (common-patterns.md infinite scroll, blocking-and-bypasses.md site-specific scraping), so untrusted user-generated web content can be read and influence agent decisions and actions.