The PR description states "Lock file intentionally not modified per instructions," but this means the changes to the .md file will not take effect until the workflow is recompiled using gh aw compile nightly-mcp-stress-test. According to the codebase documentation, agentic workflows must be compiled from .md to .lock.yml files before they can run. Without updating the lock file, these environment variable changes will not be applied to the actual workflow execution. Either the lock file needs to be updated (recompiled), or if there's a specific reason not to update it, this should be clarified.

The PLAYWRIGHT_LAUNCH_OPTIONS environment variable appears to be undocumented and there's no evidence in the codebase or standard Playwright MCP server documentation that this variable is supported. Environment variables should be verified as supported by the target container before being added to the configuration. Consider verifying whether the Playwright MCP server (mcr.microsoft.com/playwright/mcp) or the actual MCP server implementation supports this environment variable, or whether browser launch options need to be configured through a different mechanism (such as entrypoint arguments).

Disabling web security features (--disable-web-security, --disable-features=IsolateOrigins,site-per-process) creates significant security risks even in a test environment. These flags disable CORS, same-origin policy, and site isolation, which could expose the test environment to various attacks if malicious content is loaded. While the comment notes this is "for testing purposes only," consider whether these aggressive security bypasses are necessary. Alternative approaches might include: 1) configuring proper allowed origins/hosts (as done in the lock file's entrypointArgs), 2) using --disable-blink-features=AutomationControlled alone, or 3) investigating why ERR_BLOCKED_BY_CLIENT occurs and addressing the root cause (e.g., network policies, ad blockers, or container restrictions) rather than disabling security features.