playwright-ops
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill primarily consists of documentation, best practices, and standard utility scripts for software testing.
- [EXTERNAL_DOWNLOADS]: References official and well-known resources, including Microsoft's official container registry (
mcr.microsoft.com) and standard Playwright installation commands (npx playwright install). These are established technology services and do not pose a security risk. - [CREDENTIALS_UNSAFE]: Appropriately handles sensitive data. Instructions explicitly recommend using environment variables (e.g.,
process.env.E2E_USER) and GitHub secrets rather than hardcoding credentials. It also includes guidance to add authentication state files (.auth/) to.gitignoreto prevent accidental exposure. - [DATA_EXFILTRATION]: No unauthorized data access or external transmission patterns were identified. The network mocking and API testing sections describe standard development practices for stubbing and testing internal application endpoints.
- [COMMAND_EXECUTION]: The bundled Python script (
scripts/triage-flakes.py) is a safe utility for parsing local JSON test reports. It uses only Python standard libraries and does not perform network operations or execute arbitrary system commands.
Audit Metadata