playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed plaintext secrets (e.g., cookie-set session_id abc123, fill e2 "password123") and instructs commands that accept secret values verbatim, which would require the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core CLI and docs (SKILL.md and references/running-code.md and references/session-management.md) show commands like playwright-cli open/goto <url>, run-code and examples for "scrape data from multiple pages" and "concurrent scraping", which fetch and parse arbitrary public webpages (untrusted third‑party content) and use that content to drive further actions and generated tests, so third‑party page instructions could materially influence tool behavior.