playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill maps natural language to CLI/MCP calls that embed form fields, cookies, and other values directly into JSON arguments (e.g., fillForm '{"value":"password123"}'), which requires the LLM to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to arbitrary URLs and captures/uses page snapshots from those pages as part of its workflow (see SKILL.md navigation/snapshot examples and tools/navigate.js / tools/snapshot.js), and lib/tab.js's captureSnapshot calls page._snapshotForAI so untrusted public web content can be read and influence subsequent tool actions.