login-flows
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill demonstrates the use of Playwright's
storageStatefeature to save authentication metadata (cookies and localStorage) to a file namedauth.json. While this is a standard performance optimization for end-to-end testing, users should ensure this file is excluded from version control to prevent session hijacking. - [CREDENTIALS_UNSAFE]: One example (
global-setup.ts) includes a hardcoded placeholder passwordtestpass. Although clearly meant for demonstration, users must follow the skill's own tip to use environment variables for real credentials. - [EXTERNAL_DOWNLOADS]: The skill utilizes standard, well-known NPM packages
@playwright/testandotplibfor its core functionality. These are reputable libraries used extensively in the web development and testing ecosystem.
Audit Metadata