browser-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes literal sensitive values (e.g., "SecurePass123" used in password fields and a session cookie value "abc123") and code patterns that embed secrets directly in generated scripts/commands, which encourages outputting credentials verbatim and poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow can fetch and read arbitrary web page content via page.goto(<URL>) and then extract visible text/innerText/textContent from that page (e.g., page.innerText, page.textContent, page.$$eval), which is outsider-authored free text from public web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote code at runtime using npx to fetch and execute the npm package @playwright/mcp (invoked as "npx @playwright/mcp@latest"), so it depends on externally fetched code that will be executed during runtime.