playwright-skill

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and run.js explicitly accept and navigate to user-provided or external URLs (e.g., "ask for URL if testing external site" and numerous page.goto examples), and the helpers (extractTexts, extractTableData, handleCookieBanner, authenticate, etc.) parse and act on page DOM—so untrusted public web content can be fetched and influence automation decisions (also note support for custom headers to elicit LLM-optimized responses).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's run.js automatically runs "npm install" and "npx playwright install chromium" at runtime, which will fetch and execute remote packages from the npm registry (https://registry.npmjs.org/) and download Playwright browser binaries from the Playwright CDN (e.g., https://playwright.azureedge.net/), so remote code is retrieved and run as a required dependency.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 01:40 AM