playwriter
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a browser to arbitrary web pages (e.g., the Quick Start example playwriter -e "await page.goto('https://example.com')" and the docs mentioning "working with pages, navigation" and "network interception for API scraping"), so the agent will fetch and interpret untrusted public web content that could contain instructions influencing actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill suggests using "npx playwriter@latest" (which fetches and runs package code from the npm registry, e.g. https://registry.npmjs.org) if the CLI isn't installed, so at runtime it can download and execute remote code that the skill relies on.