e2e-test-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read credentials from test specifications or user prompts and to input them in login flows (and may log/report them), which requires handling secret values verbatim and poses exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads a test URL from user-provided markdown and then navigates to and scrapes external webpages using Playwright (see scripts/execute_tests.py and scripts/browser_automation.py which call page.goto, page.content(), collect console/network logs, and validate DOM), so arbitrary third‑party page content can influence test actions and pass/fail decisions.