playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets directly in CLI commands (e.g., cookie-set session_id abc123, fill e2 "password123") and shows retrieving tokens into shell variables, which requires the agent to handle and potentially output secret values verbatim — a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to open and navigate arbitrary public URLs and to read/inspect page content (e.g., SKILL.md "open/goto" commands and references/running-code.md examples like "Scrape data from multiple pages" and use of page.content()/eval), which clearly ingests untrusted third‑party web content that can influence subsequent actions.