playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that embed secrets (e.g., cookies, passwords) directly as CLI arguments (e.g., cookie-set session_id abc123, fill e2 "password123"), which would require the LLM to output secret values verbatim when performing those actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open and interact with arbitrary public URLs (e.g., "playwright-cli open ", "playwright-cli goto") and to execute/run code that reads page.content(), snapshots, and scrapes multiple pages (see SKILL.md and references/running-code.md "Scrape data from multiple pages"), so untrusted third‑party webpage content can be ingested and used to drive subsequent actions.