playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains explicit CLI examples that embed secrets verbatim (e.g., fill e2 "password123", cookie-set session_id abc123), and the tool's commands (fill, cookie-set, state-load, etc.) inherently require placing secret values directly into generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation (SKILL.md Quick start/goto examples and references/running-code.md, e.g., "Scrape data from multiple pages" and "return await page.content()") shows the CLI navigates to and ingests arbitrary public web pages and uses that content to drive actions, so untrusted third‑party page content can influence tool behavior and enable indirect prompt injection.