e2e-harness-setup
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill emphasizes security best practices for handling sensitive data. It explicitly instructs the agent and user to add
storageStatefiles (which contain authentication tokens) to.gitignoreand warns against committing secrets in MCP configurations. - [COMMAND_EXECUTION]: The skill facilitates the use of standard development tools, specifically the Playwright CLI, for its primary purpose of end-to-end testing infrastructure setup.
- [DATA_EXPOSURE]: The skill identifies that E2E testing artifacts may contain sensitive information. It correctly mandates that these files be kept local and excluded from the code repository.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an integration surface where the agent connects to external context sources (GitHub, Figma, issue trackers) via MCP. While intended for context gathering, this introduces a surface where instructions embedded in external data (like issue descriptions) could influence agent behavior, though the skill does not grant elevated privileges that would make this critical.
Audit Metadata