Playwright Skill

The `SKILL.md` file instructs the AI agent to use an 'inline execution' pattern (`cd $SKILL_DIR && node run.js "..."`) for simple tasks. This design allows for direct embedding of arbitrary JavaScript code into a `node` command, creating a critical Remote Code Execution (RCE) vulnerability via prompt injection. A malicious user could exploit this to execute arbitrary commands on the host system, such as reading sensitive files, exfiltrating data, or installing backdoors. This is a severe vulnerability, not intentional malice by the skill itself, hence classified as suspicious.