testing-e2e-with-playwright
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill mentions the installation of standard, well-known Node.js packages such as
@playwright/testand@axe-core/playwright. These are trusted tools within the testing ecosystem. - [SAFE]: Hardcoded credential strings found in
references/AUTH-AND-SETUP.md(e.g., 'test-user@example.com' and 'Test1234!@') are clearly identified as placeholder fallbacks for local development/testing documentation and do not pose a security risk. - [SAFE]: Filesystem operations performed via the
fsmodule are restricted to routine test automation tasks, such as creating directories for session storage (.auth/), reading seed data from local JSON/CSV files, and writing debug reports. - [SAFE]: Command execution examples (e.g.,
npx playwright test) are standard for the Playwright framework and are used for running tests and installing necessary browser binaries. - [SAFE]: Although the skill defines an automation surface that interacts with web content, which is a prerequisite for indirect prompt injection, it focuses on testing local or controlled environments and provides guidance on robust locator strategies to minimize brittleness.
Audit Metadata