playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes commands that set and get cookies, local/session storage and shows plaintext passwords/tokens (e.g., cookie-set abc123, fill "password123", TOKEN=$(playwright-cli --raw cookie-get session_id)), which enable or require emitting secret values verbatim in commands or output, so it presents a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and interacts with arbitrary public webpages (e.g., "playwright-cli open", "playwright-cli goto" and the run-code / snapshot /eval flows described in SKILL.md and references/run-code.md and test-generation.md), and it reads and interprets page content to generate actions and tests—so untrusted third-party web content can materially influence agent behavior.