playwright-browser-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and examples.py explicitly instruct the agent to navigate to and extract/evaluate content from arbitrary public web pages (e.g., page.goto in SKILL.md and browser_navigate/browser_evaluate in examples.py), so it ingests untrusted third‑party content that can influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs use of sudo for installing dependencies and explicitly recommends adding a /etc/sudoers.d entry (granting NOPASSWD sudo access for npx/playwright), which modifies privileged system files and encourages privilege escalation/bypass of security mechanisms.