azure-microsoft-playwright-testing-ts
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes official packages from trusted organizations, specifically @azure/playwright, @azure/identity, and @playwright/test from Microsoft and the Playwright project. References to external resources point to verified Microsoft domains (microsoft.com, aka.ms).
- [SAFE]: Authentication examples prioritize secure, credential-less methods such as Managed Identity and Entra ID (via DefaultAzureCredential), avoiding the use of hardcoded secrets or insecure access tokens.
- [SAFE]: Configuration patterns for CI/CD (GitHub Actions and Azure Pipelines) use official tasks and standard secret management practices.
- [PROMPT_INJECTION]: The skill contains an inherent indirect prompt injection surface as it is designed to automate browser interactions with external web content.
- Ingestion points: External web pages accessed through the page.goto() method in test scripts.
- Boundary markers: None; the skill relies on standard Playwright browser context isolation.
- Capability inventory: Network access for browser traffic and file system access for test reporting.
- Sanitization: Relies on the security sandboxing provided by the underlying browser engine and the Playwright framework.
Audit Metadata