playwright-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill executes Playwright against arbitrary web pages (e.g., page.goto('https://example.com') in API_REFERENCE.md, the "Check for Broken Links" example that iterates a[href^="http"] and issues network requests, and run.js which runs user-provided/inline scripts), so it can fetch and read untrusted public URLs or user-provided sites as part of its workflow.