playwright-best-practices
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and parses external guidelines from the public raw GitHub URL (https://raw.githubusercontent.com/vitalics/playwright-labs/tree/main/packages/playwright-best-practices/AGENTS.md) via WebFetch and uses that content as rules the agent must read and apply. It therefore ingests untrusted third-party content that could inject instructions indirectly.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to "Fetch fresh guidelines before each review" from https://raw.githubusercontent.com/vitalics/playwright-labs/tree/main/packages/playwright-best-practices/AGENTS.md at runtime and to "Apply all rules from the fetched guidelines". The remote content directly controls the agent's instructions and is a required dependency, so this URL is a high-risk runtime remote-instruction dependency.