playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly provides browser navigation and scraping tools (e.g., "navigate_page(url=...)", "get_page_content", "get_text") and example workflows for visiting arbitrary URLs and interacting with web pages, which means the agent will fetch and interpret untrusted public web content that can drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx to fetch and run the @anthropic-ai/mcp-server-playwright package at runtime (npx -y @anthropic-ai/mcp-server-playwright), which downloads and executes remote code as a required MCP server dependency.