browsing-with-playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and commands require embedding form field values (e.g., "password123") into JSON parameters sent to the Playwright MCP, so an agent would need to output plaintext secrets verbatim in its generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflows and tool reference (e.g., browser_navigate, browser_snapshot, browser_evaluate, and browser_run_code in SKILL.md and references/playwright-tools.md) explicitly direct the agent to navigate to arbitrary URLs and extract/interpret page text and DOM, so it ingests untrusted public web content that can materially influence subsequent actions like form-filling, clicking, or executing code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The start script invokes "npx @playwright/mcp@latest" (fetching/execing the remote npm package, see https://www.npmjs.com/package/@playwright/mcp) at runtime to launch the required MCP server, which downloads and executes remote code the skill depends on.