screenshots

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user for login credentials (email/username and password) and places them directly into the generated Playwright script (AUTH.email/AUTH.password), which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts an arbitrary app URL (Step 1) and the provided Playwright script (Step 6) uses page.goto(BASE_URL + path) and automated interactions (smart login, clicks/fills/actions), which means it will fetch and act on content from user-supplied/public web pages that could be untrusted and influence tool behavior.