The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The documentation in resources/knowledge/playwright-cli.md advises users to globally install @playwright/cli@latest. This scope is not associated with the official Playwright project (Microsoft), presenting a high risk of typosquatting and the execution of unverified code if a malicious package is registered under that name.
[PROMPT_INJECTION]: The skill's primary workflow involves ingesting and analyzing untrusted test files from the project directory (steps-c/step-02-discover-tests.md). This constitutes an indirect prompt injection surface (Category 8), as instructions embedded in the analyzed code could potentially influence the agent's logic or conclusions.
[CREDENTIALS_UNSAFE]: The knowledge base fragment resources/knowledge/pact-broker-webhooks.md recommends creating GitHub Personal Access Tokens (PATs) with 'No expiration'. This promotes poor credential hygiene and increases security risks in the event of token compromise.

bmad-testarch-test-review