playwright-cli

Fail

Audited by Snyk on Apr 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The CLI exposes commands that take and return sensitive values verbatim (e.g., cookie-set, cookie-get, localstorage-set/get, state-save/state-load), so an agent could be required to include or echo secrets directly in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflows (e.g., advanced-workflows.md "Multi-site Data Aggregation", the "Multi-page scraping" and "Infinite Scroll Extraction" run-code examples, and "Screenshot Every Link Target") explicitly instruct the agent to navigate, scrape, and act on arbitrary public websites and their user-generated content, and to use extracted text/links to drive further navigation/actions, which exposes the agent to untrusted third-party content that could enable indirect prompt injection.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 14, 2026, 03:44 PM
  • Issues: 2