playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill can navigate to and scrape arbitrary public websites and read their content as part of normal workflows — for example run.js supports inline/page scripts with page.goto('https://...'), examples/link-checker.js requests external http(s) links, and lib/helpers.js includes extractTableData/extractTexts and cookie/banner handling that ingest page content — so it clearly consumes untrusted third-party web content.