playwright-trace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill loads and inspects user-provided Playwright trace files that can contain DOM snapshots, network response bodies, console logs and attachments from arbitrary websites — e.g., "trace open" / traceSnapshot (traceSnapshot.ts serves snapshots via SnapshotServer) and traceRequests.ts/traceConsole.ts explicitly read and print response bodies, console messages and attachments — so untrusted third-party page content is ingested and presented to (and used by) the agent per SKILL.md examples.