tester

This Tester skill is functionally coherent with its stated purpose (running real E2E and integration tests). However, it requires elevated and sensitive access (API keys, database credentials) and directs installing and running third-party tooling (Stagehand) that will receive those credentials and execute network operations. The combination of: (a) mandating real DB and real services rather than isolated test environments, (b) recommending direct use of AI provider keys, and (c) transitive trust in installed packages creates a moderate-to-high supply-chain and credential-exposure risk. The skill is not overtly malicious, but it is potentially dangerous if run without strict environment isolation, pinned dependencies, and explicit safeguards to prevent execution against production. I rate the likelihood of intentional malware as low, but the operational risk (credential leakage, accidental destructive tests, or exfiltration via third-party tooling) as moderate and worthy of mitigation before use.