Playwright MCP Server for Browser Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md overview explicitly states the Playwright MCP server can "navigate to URLs, click elements, fill forms, extract page content, [and] execute JavaScript on pages," which means the agent will fetch and interpret arbitrary public web pages and user-generated content, exposing it to untrusted third-party instructions.