playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials (e.g., --field "password=secret123" and .fill("test@example.com")), which instructs the agent to place secret values verbatim into commands/code and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., navigate.py, evaluate.py, screenshot.py, fill_form.py) and the SKILL.md "Navigate and Extract Content" / "Execute JavaScript" examples navigate to arbitrary URLs and scrape or evaluate page content (including executing page JS), which are untrusted public third‑party sources and can directly influence automation actions like form filling, navigation, evaluation results, and subsequent tool use.