azure-microsoft-playwright-testing-ts
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill files SKILL.md and references/acceptance-criteria.md were thoroughly analyzed. Both files are primarily documentation, providing instructions and code examples for integrating Playwright with Azure services.
No direct executable code for the agent: The skill does not contain any scripts or code that the AI agent would directly execute. It provides instructions for a human user to follow, including command-line snippets and TypeScript code examples.
External Dependencies (LOW/INFO): The SKILL.md file instructs users to install packages using npm init and npm install. The packages mentioned are @azure/playwright, @playwright/test, and @azure/identity. All @azure packages are from the trusted azure GitHub organization. Playwright is a well-known and reputable testing framework, often associated with Microsoft. Due to these being trusted external sources and standard development dependencies, these instructions are considered low risk. They are user-facing setup steps, not agent-executed code.
Authentication: The skill demonstrates secure authentication practices using Microsoft Entra ID and @azure/identity credentials, including DefaultAzureCredential and ManagedIdentityCredential. It explicitly warns against hardcoding access tokens.
CI/CD Integration: Examples for GitHub Actions and Azure Pipelines show standard, secure practices for integrating Playwright tests, including using GitHub Secrets and Azure Pipeline variables for sensitive information.
No other threats detected: No evidence of prompt injection, data exfiltration, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed/conditional attacks was found in either file. The content is clear, straightforward, and aligns with its stated purpose.
Conclusion: The skill is well-documented, promotes secure practices, and does not contain any malicious patterns or direct executable code for the agent. The external dependencies are from trusted sources and are part of standard development workflows.