test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read credentials from the task's "Implementation Notes" and use them to fill forms via mcp__playwright__browser_* calls (e.g., type/fill), which requires embedding secret values verbatim in generated tool-call parameters and output, creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's .mcp.json specifies launching "npx @playwright/mcp@latest" at runtime, which fetches and executes remote npm package code (required to provide the mcp__playwright__browser_* tools), so it is a runtime external dependency that executes remote code.