desktop-workflow-to-playwright

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npm install --ignore-scripts and npx tsc --noEmit to validate the generated project. This involves running shell commands on code created by the agent.
  • [EXTERNAL_DOWNLOADS]: Fetches the @playwright/test package and typescript from the official npm registry during the project validation phase. This is a standard operation for setting up a Node.js-based automation project.
  • [DATA_EXFILTRATION]: The generated authentication setup and CI workflows reference environment variables and GitHub secrets (TEST_EMAIL, TEST_PASSWORD, VERCEL_AUTOMATION_BYPASS_SECRET). This follows industry security standards for managing sensitive credentials in automated testing environments.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from /workflows/desktop-workflows.md and uses it to generate executable test scripts.
      • Ingestion points: /workflows/desktop-workflows.md
      • Boundary markers: Absent
      • Capability inventory: File write, shell command execution (npm, tsc)
      • Sanitization: Absent
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 01:41 AM