playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding plaintext secrets into CLI commands (e.g., fill e2 "password123" / fill e2 "secret"), which requires the agent to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references (e.g., commands like "playwright-cli open " and the "scrape data from multiple pages" example in references/running-code.md) explicitly direct the agent to fetch and scrape arbitrary public websites and to read/interpret page content as part of workflows, exposing it to untrusted third‑party content that could influence subsequent actions.