playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains explicit examples that hardcode credentials (e.g., humanType(..., 'password123') and .env with LOGIN_PASSWORD=secretpass) and login patterns that would lead the agent to embed user secrets directly into generated scripts or commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes arbitrary public websites (e.g., page.goto('https://example.com'), TARGET_URL from .env, and the "Data Extraction" pattern that reads page.textContent and table rows), so it ingests untrusted third-party web content as part of its workflow and could be exposed to indirect prompt injection.