Skills
skills/codeceptjs/skills/codeceptjs-auth/Gen Agent Trust Hub

codeceptjs-auth

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill guides the agent through the legitimate process of setting up the CodeceptJS auth plugin for session management.
  • [SAFE]: The instructions explicitly emphasize security by forbidding hardcoded credentials and mandating the use of .env files with the Node.js process.loadEnvFile() API or dotenv package.
  • [SAFE]: It provides guidance on using the secret() wrapper for passwords, which is a security feature of the CodeceptJS framework to prevent secrets from appearing in logs.
  • [COMMAND_EXECUTION]: The skill mentions executing tests using npx codeceptjs run, which is the standard method for running CodeceptJS tests.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to read HTML from a login page to identify locators.
  • Ingestion points: HTML content from the login page via run_code.
  • Boundary markers: No specific boundary markers or instruction-ignoring delimiters are mentioned for the ingested HTML.
  • Capability inventory: File system modifications to codecept.conf.js and steps_file.js, and shell command execution via npx.
  • Sanitization: No specific sanitization is performed on the ingested HTML, but the risk is low and inherent to the task of UI automation testing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 10:39 PM
Security Audit — agent-trust-hub — codeceptjs-auth