visual-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns detected across all 10 threat categories. The skill's primary purpose is documentation and scaffolding for visual testing.
- CREDENTIALS_UNSAFE (SAFE): The skill handles sensitive information correctly by using placeholders (e.g.,
your_token_here,chpt_xxxxxxxxxxxx) and referencing environment variables or GitHub Secrets instead of hardcoding real API keys. - EXTERNAL_DOWNLOADS (SAFE): All referenced dependencies (chromatic, lost-pixel, playwright) are hosted on the official npm registry. Docker images used are from the official Microsoft Playwright repository on Docker Hub.
- COMMAND_EXECUTION (SAFE): Command execution examples (npx chromatic, npx lost-pixel) are standard usage for the respective visual testing frameworks described.
Audit Metadata