Playwright Session Recorder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the recorder "hooks into page navigation" and captures DOM snapshots and network HAR for browser sessions (i.e., content from visited public websites), so the agent ingests and interprets arbitrary third-party web content that could contain instructions influencing subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's installation command ("npx skills add agentskillexchange/skills --skill playwright-session-recorder-2") causes npx/npm to fetch and execute remote package code (agentskillexchange/skills), and the skill page is linked at https://agentskillexchange.com/skills/playwright-session-recorder-2/, so the skill relies on externally fetched code that will be executed during install/runtime.