Skills
skills/dididy/e2e-test-reviewer/playwright-debugger/Gen Agent Trust Hub

playwright-debugger

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches test report artifacts from GitHub using the official GitHub CLI (gh). GitHub is a well-known service, and this operation is standard for CI/CD integration.
  • [COMMAND_EXECUTION]: Executes shell commands to automate the debugging workflow, including running tests with npx playwright test, using jq for JSON extraction, and unzip for trace analysis. These tools are used for their intended diagnostic purposes.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from test reports and trace files. * Ingestion points: Reads from playwright-report/results.json and trace.zip. * Boundary markers: No explicit delimiters or instructions are provided to the agent to treat report content as untrusted data. * Capability inventory: The skill executes shell commands and can modify test files to add screenshots. * Sanitization: There is no evidence of sanitization or validation of the content parsed from failure messages or logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 08:14 AM