playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill makes the agent emit shell commands like fill <ref> <text> and type <text> (and other CLI invocations) that would commonly require embedding passwords, API tokens, or cookies verbatim into generated commands, so using it to automate logins or authenticated actions creates a high risk of secret exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and interacts with arbitrary public URLs (SKILL.md core workflow: "playwright-cli open "), snapshots and reads page content/element refs (snapshot, run-code returning page.content() in references/running-code.md), and then takes actions (click/fill) based on that output (EXAMPLES.md), so untrusted third-party web content can directly influence the agent's decisions and tool use.