playwright-browser-network-requests

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The tool returns "all network requests" since page load (including headers, cookies, Authorization tokens, query strings, etc.), which can contain API keys or passwords and would be exposed verbatim in the agent's output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the tool "Returns all network requests since loading the page" (via the browser_network_requests tool), so the agent will ingest network traffic and URLs/responses from arbitrary web pages loaded by the Playwright browser, exposing it to untrusted third-party content.