playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill's CLI-first patterns (e.g., "$PWCLI" fill e2 "password123") demonstrate and require embedding credentials or form secrets as literal command arguments, so an agent would likely need to include user-provided secrets verbatim in generated commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill drives a real browser to arbitrary public URLs (e.g., the examples and core workflow use commands like "$PWCLI open https://playwright.dev" and "https://example.com"), so it fetches and interprets untrusted third-party web content as part of its workflow and could enable indirect prompt injection.