screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and loads arbitrary HTTP(S) URLs (see SKILL.md and scripts/screenshot.py --batch/URL usage) and the WebAdapter opens those pages via playwright-cli and curl (scripts/adapters/web.py), so it fetches and processes untrusted public web content as part of normal runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes npm/npx to fetch and run the @playwright/mcp package at runtime (see "npm install -g @playwright/mcp@latest" and "npx --package @playwright/mcp playwright-cli" — package: https://www.npmjs.com/package/@playwright/mcp), which downloads and executes remote code that the skill depends on for web captures.