playwright

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs Playwright to open and interact with arbitrary URLs (e.g., page.goto(url), pages_to_capture list, examples using public sites and "public site" in triggers), so the agent will fetch and interpret untrusted third‑party web content which can influence navigation, clicking, and other tool actions.