screenshots

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user for login credentials and instructs the agent to embed them verbatim into the generated Playwright script (AUTH.email / AUTH.password), requiring the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts an arbitrary APP_URL (via $1 or user prompt) and uses Playwright to navigate, inspect DOM elements, and capture pages (including optional logins), so it clearly loads and interprets untrusted/public web content from third‑party URLs.