playwright-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's tools (e.g., browser_type and browser_fill_form) require embedding literal text/value parameters when filling forms or typing, so if credentials or API keys are provided they would be included verbatim in the agent's tool calls and outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to navigate to arbitrary URLs (e.g., browser_navigate({ url: "..." }) in multiple workflows) and to snapshot/inspect page content, console messages, and network requests—i.e., ingesting and interpreting untrusted public web pages—so third-party pages could contain instructions that influence subsequent tool actions.