playwright-skill-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's agent-facing instructions (SKILL.md) instruct the agent to navigate to URLs with "playwright-cli goto " and to capture/read full page HTML and snapshots via "bin/context" and "bin/cache-query" (stored in .playwright-skill/cache/), which lets the agent fetch and interpret arbitrary third-party web pages and use that content to drive clicks/fills/run-code actions.