playwright

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill generates and executes Playwright test scripts (including a login-flow example that fills a plaintext password) and would likely embed user-provided credentials verbatim into generated code/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and example scripts explicitly instruct the agent to navigate to and scrape arbitrary URLs (e.g., page.goto(...) and the broken-links check that issues page.request.head(href)), and run.js will execute inline or file-provided Playwright code after asking for or auto-detecting a target URL, so untrusted public web content can be ingested and influence subsequent automation actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). run.js will automatically run "npm install" and "npx playwright install chromium" at runtime (pulling packages from the npm registry, e.g. registry.npmjs.org) which fetches remote code that is installed and then required/executed by the skill.