tampermonkey-script

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Playwright MCP "basic workflow" explicitly requires the agent to open the user's specified URL with browser_navigate and inspect page content via browser_snapshot/browser_evaluate (i.e., fetching arbitrary public webpages and DOM) so untrusted third-party page content is read and used to decide selectors and script behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's examples and guidance show use of @require to download and execute external JS at install/runtime (a required dependency), e.g. https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js, which constitutes fetching and running remote code.