e2e-test-automation
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: Detailed analysis confirms the skill is legitimate and performs its described E2E testing functions without malicious intent.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill uses well-known, trusted packages like Playwright and asyncio. Browser binary installation via Playwright is a standard procedure for this ecosystem and is not considered a risk.
- [COMMAND_EXECUTION]: The skill executes browser automation tasks through the Playwright API to interact with the target web applications as specified in test cases.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill extracts testing credentials from user-provided files. It follows security best practices by excluding passwords from generated test reports and only logging the username for reference in the workspace.
- [INDIRECT_PROMPT_INJECTION]: The skill functions by interpreting user-provided Markdown files as instructions for browser automation. 1. Ingestion points: Markdown test case specifications parsed by scripts/execute_tests.py. 2. Boundary markers: None identified. 3. Capability inventory: Full browser automation via Playwright and local file system access for saving reports and screenshots. 4. Sanitization: Regular expressions are used to structure test steps from free-text markdown.
Audit Metadata