orchardcore-tester

This skill is consistent with its stated purpose: local build/run/test automation for OrchardCore using Playwright and dotnet. There are no signs of remote credential harvesting, obfuscated payloads, or calls to external attacker-controlled endpoints. Primary risks are operational: plaintext default credentials in documentation, local process management (start/stop), and an unsafe recursive Remove-Item that can delete App_Data. These are legitimate for a test harness but must be used carefully and never run against production data or on shared systems without isolation. Recommend removing or clearly marking default credentials, ensuring working-directory safety checks before destructive file ops, and running tests in isolated environments (containers or ephemeral VMs).