playwright
Warn
Audited by Snyk on Mar 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's core workflow and examples in SKILL.md and references/workflows.md explicitly instruct the agent to open arbitrary web pages (e.g., "pwcli open https://example.com") and run eval/snapshot/data-extraction commands (e.g., "pwcli eval 'document.title'", "pwcli eval 'el => el.textContent' e12"), so it clearly ingests untrusted public web content that could contain instructions influencing subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The wrapper script runs npx --package @playwright/cli playwright-cli, which at runtime fetches and executes the @playwright/cli package from the npm registry (e.g. https://registry.npmjs.org/@playwright/cli or https://www.npmjs.com/package/@playwright/cli), so the skill relies on executing remote code fetched during runtime.