Context-Inappropriate Capability
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly teaches use of `playwright-cli run-code` to execute arbitrary JavaScript in the browser context, which materially expands the capability from browser automation into code injection and in-page state manipulation. In an agent setting, this can be used to exfiltrate page data, alter workflows, bypass intended restrictions, or interact with sensitive browser/session context in ways not obvious from the skill’s stated browsing purpose.
