playwright-cli

SUSPICIOUS. The skill's core browser automation capabilities mostly match its stated purpose, and there is no direct evidence of credential theft or attacker-controlled exfiltration. Risk comes from broad execution scope (`playwright-cli:*`), arbitrary code execution (`eval`/`run-code`), authenticated storage manipulation, untrusted web-content handling, and the undocumented transitive `install-skills` command.