Playwright CLI Browser Automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that place secrets (e.g., "password123", session_id abc123) directly in CLI commands and cookie/set operations, which instruct an agent to include secret values verbatim in generated commands — an explicit high-risk exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open and navigate arbitrary external URLs and to execute custom Playwright code that visits and scrapes public sites (see SKILL.md examples like "playwright-cli goto https://playwright.dev" and references/running-code.md's "Scrape data from multiple pages" which uses page.goto and page.locator to extract content), so untrusted third‑party content is fetched and can directly influence actions.