browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's tool calls (e.g., playwright_fill with a "value" arg) and examples (filling login/forms with "my info") require the agent to embed exact user-provided field values (which may be passwords/API tokens) verbatim in generated tool-invocation outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to navigate to arbitrary public websites (playwright_navigate to URLs like shop.com/products, google.com, etc.) and to extract or execute page content (playwright_extract_content, playwright_evaluate) as part of scraping and multi-step workflows, so untrusted third-party webpages can be read and materially influence subsequent actions.