playwright-mcp

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly supports "web scraping" and includes runtime steps to "Navigate" to pages and "Use browser_snapshot for AI analysis" (e.g., the Core Testing Workflow and examples such as "Navigate to homepage" / "browser_navigate" and "browser_snapshot"). The agent is therefore expected to fetch and interpret potentially untrusted public web content, and that content can change the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The mcp-config.json specifies running "npx -y @playwright/mcp", which fetches and executes remote code from the npm registry at runtime, so the skill relies on and executes externally fetched code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 11:27 PM