playwright-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill exposes the agent to arbitrary public web pages via commands like "playwright-cli open " and "tab-new [url]" (and can run JS via "run-code"), so it fetches and interprets untrusted third-party content from the open web.