playwright-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates and scrapes arbitrary web pages as part of normal operation (SKILL.md and API_REFERENCE.md show page.goto to user-provided/detected TARGET_URL, a "Check for Broken Links" example that extracts external hrefs and issues requests, and lib/helpers.js contains extractTableData/extractTexts and detectDevServers), so untrusted public web content can be read and directly drive further actions.