playwright-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that directly embed sensitive values (e.g., cookie-set session_id abc123 and fill e2 "password123"), which instructs the agent to output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to open and navigate arbitrary web pages (e.g., "playwright-cli open/goto ", "tab-new "), take snapshots, and run/eval page code, so it will fetch and interpret untrusted public web content that can influence subsequent actions.