e2e-test-builder

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]

This material is a benign E2E test scaffold for Playwright/Cypress. No indicators of malware or deliberate exfiltration were found. Notable security risks are operational: hard-coded test credentials and card numbers (test data), and Prisma seeding that will modify whichever database the environment points to — this could be dangerous if accidentally run against production. Ensure tests run only against test environments, rotate any reused credentials, and do not seed production databases.

LLM verification: No evidence of malware, backdoors, or credential-exfiltration mechanisms in the provided code. The skill is consistent with its stated purpose (building E2E tests). The main security concerns are the presence of hardcoded credential-like strings and test payment numbers in examples — acceptable for test fixtures but dangerous if they represent real secrets or are used against production systems. Recommend replacing any real secrets with sanitized test fixtures, documenting that payment numbers a

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 16, 2026, 08:47 PM
Package URL
pkg:socket/skills-sh/monkey1sai%2Fopenai-cli%2Fe2e-test-builder%2F@92f72ec48880f359bcfbbd43d049816827b22704