playwright-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly visits and operates on user-provided or auto-detected web URLs (see SKILL.md step 1 "If no servers found: Ask for URL" and many examples using await page.goto(TARGET_URL) and link-checking/page.request.head), meaning it fetches and interprets arbitrary third-party web content which can directly influence navigation, clicks, form submissions, and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). High-confidence: the executor (run.js) will run npm install / npx playwright install at runtime and thus fetch and install remote packages (e.g. https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz from package-lock.json), which downloads and executes external code that the skill requires.