playwright-frontend-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to navigate to and ingest arbitrary public web pages (e.g., page.goto calls and "AI analyzes page accessibility tree" / accessibility.snapshot and examples like https://shop.example.com and https://example.com in SKILL.md), so untrusted third‑party content is fetched and interpreted and can directly influence actions and test generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill config invokes "npx @playwright/mcp@latest" at runtime (in the mcpServers command), which fetches and executes remote package code that runs the MCP server used to control AI-assisted browser actions—an externally fetched runtime dependency that directly influences agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs running system package installation with sudo (sudo apt-get install ...), which asks for elevated privileges and modifies system state, so it encourages actions that can compromise the host.