e2e-testing-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and code snippets for Playwright browser automation. All patterns align with industry best practices for testing.
- [EXTERNAL_DOWNLOADS]: Recommends installing '@axe-core/playwright' for accessibility testing. This is a well-known, legitimate package for this purpose.
- [CREDENTIALS_UNSAFE]: Code examples demonstrate accessing sensitive credentials via environment variables (e.g., 'process.env.ADMIN_PASSWORD'). This is a standard testing practice and no secrets are hardcoded.
- [PROMPT_INJECTION]: The skill describes browser automation patterns, which define an indirect injection surface. 1. Ingestion points: 'page.goto()', 'page.textContent()', and 'response.json()' in code snippets. 2. Boundary markers: None present. 3. Capability inventory: Subprocess execution via 'npx playwright test' and file system writes for test artifacts. 4. Sanitization: None demonstrated in snippets.
Audit Metadata