playwright-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill demonstrates secure handling of sensitive data by recommending environment variables (
process.env.TEST_USER_PASSWORD) rather than hardcoded secrets. It uses a local file (auth.json) for session persistence, which is standard practice in automated testing. - [Indirect Prompt Injection] (LOW): As this skill facilitates web automation, it creates a surface where the agent might ingest untrusted content from websites during test execution.
- Ingestion points:
page.goto()and locators likepage.getByText(). - Boundary markers: None specified in the templates.
- Capability inventory: Shell command execution (
npx playwright test), network request interception (page.route), and file system writes (download.saveAs). - Sanitization: The skill does not provide specific sanitization logic, as it is a template for testing rather than a data processing pipeline.
- [Prompt Injection] (SAFE): No instructions designed to override agent safety protocols or bypass system constraints were found.
- [External Downloads] (SAFE): References to external components (GitHub Actions) use trusted, well-known versions.
Audit Metadata