playwright-cucumber-expert
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a scaffolding script (scripts/scaffold-bdd.mjs) to automate the creation of project folders and configuration files. It also includes standard CLI commands for running BDD tests via npx cucumber-js and npm scripts.\n- [EXTERNAL_DOWNLOADS]: References and instructions are provided for downloading standard, well-known testing libraries (@cucumber/cucumber, @playwright/test) and Playwright browser binaries via official package managers.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process user-provided Gherkin (.feature) files.\n
- Ingestion points: feature files in the features/ directory.\n
- Boundary markers: None identified in templates or instructions.\n
- Capability inventory: Command execution (Cucumber test runner) and file system operations (scaffolding).\n
- Sanitization: No explicit sanitization or validation of Gherkin content is implemented.\n- [SAFE]: No obfuscation, data exfiltration, or unauthorized persistence mechanisms were detected. The skill follows industry standards for managing test credentials via environment variables.
Audit Metadata