Summary
The latest security audit for microsoft/playwright-cli (Snyk report via skills.sh) flags 2 issues with overall HIGH risk:
- W007 (HIGH): Insecure credential handling in skill instructions
- W011 (MEDIUM): Third-party content exposure (indirect prompt injection risk)
Audit link: https://skills.sh/microsoft/playwright-cli/playwright-cli/security/snyk
Why this matters
- skills.sh is highly visible and widely used; insecure examples can be copied at scale.
- Current skill/docs patterns may normalize passing secrets in plain command arguments.
- The tool is designed to open and process arbitrary web content, which increases indirect prompt injection risk.
- Keeping security audits green is essential for user trust, safe adoption, and long-term maintenance quality.
Findings (from audit)
1) W007 HIGH — Insecure credential handling
Examples and patterns in skill/docs show literal credentials/tokens/cookie values in commands or generated snippets.
Risk: secrets can leak via terminal history, logs, snapshots, traces, CI output, or shared transcripts.
2) W011 MEDIUM — Third-party content exposure
Skill/docs encourage opening/scraping external sites and processing page content in ways that may influence downstream actions.
Risk: untrusted web content can inject malicious instructions and influence agent behavior (indirect prompt injection).
Proposed remediation plan
- Replace literal credential/token examples with safe placeholders.
- Add clear secret-handling guidance (env vars/secrets file, no plaintext secrets in commands).
- Add explicit warning that external web content is untrusted.
- Add regression tests for W007 and W011 patterns.
- Re-run the audit and confirm PASS.
Acceptance criteria
References
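A sketch of the W007 regression check named in the remediation plan, added here as an example; it is not part of the original issue, the project's code, or the Snyk rule. The `example-cli` commands, the key-name list and the accepted placeholder forms are constructed assumptions, and the check is a heuristic that reports only the line and key, never the value.

```javascript
// Added example: flag literal credentials in fenced commands of a skill doc.
// Key names and "safe value" forms below are assumptions, not the audit's rule.
const FENCE = "`".repeat(3);

// A secret-bearing key, a separator (space, "=" or ":"), then the value.
const ASSIGNMENT =
  /([\w-]*(?:password|passwd|token|secret|api[-_]?key|cookie))["']?\s*[=:\s]\s*["'`]?([^\s"'`]+)/gi;

// Values that reference a secret instead of containing one.
const SAFE_VALUE = /^(?:\$\{?\w+\}?|process\.env\.\w+|<[^>]+>|YOUR_\w+|\*+|REDACTED)$/;

function findLiteralSecrets(markdown) {
  const findings = [];
  let inFence = false;
  markdown.split("\n").forEach((line, i) => {
    if (line.trimStart().startsWith(FENCE)) {
      inFence = !inFence; // only commands and snippets are checked, not prose
      return;
    }
    if (!inFence) return;
    for (const m of line.matchAll(ASSIGNMENT)) {
      const value = m[2].replace(/[,;)]+$/, ""); // drop trailing punctuation
      if (!SAFE_VALUE.test(value)) {
        // Report where and which key, but never echo the value itself.
        findings.push({ line: i + 1, key: m[1] });
      }
    }
  });
  return findings;
}

// Constructed sample doc; example-cli and its flags are hypothetical.
const SAMPLE_DOC = [
  "Log in before running the flow:",
  FENCE + "bash",
  "example-cli login --user demo --password hunter2",
  'example-cli login --user demo --password "$APP_PASSWORD"',
  "example-cli request --api-token=<API_TOKEN>",
  "example-cli request --header 'Cookie: session=8f3a9c'",
  FENCE,
  "Never paste a real token into the chat.",
].join("\n");

console.log(findLiteralSecrets(SAMPLE_DOC));
```

Run over every skill and docs file in CI, a non-empty result fails the build, which keeps new literal-credential examples from landing after the existing ones are replaced with placeholders.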