The Agent Skills Directory

[Indirect Prompt Injection] (MEDIUM): The skill's primary function involves navigating to and processing untrusted external web content via page.goto(). This establishes an attack surface where malicious web pages could attempt to influence the agent's reporting or behavior. Evidence: Ingestion occurs in LoginPage.ts and test blocks; no boundary markers or sanitization are specified for external page content.
[Remote Code Execution] (MEDIUM): The script scripts/generate-pom.ts performs dynamic code generation (scaffolding) based on a URL's accessibility tree. This is a Category 10 risk where untrusted external structure could potentially be used to inject malicious logic into the generated POM classes.
[Command Execution] (LOW): The skill requires execution of shell commands such as bun x playwright test and local utility scripts like scripts/analyze-traces.sh. This is standard for testing workflows but represents local execution.
[External Downloads] (LOW): The skill relies on standard, reputable Node.js packages including @playwright/test and @axe-core/playwright, typically fetched via the bun/npm registry.

e2e-testing-expert