e2e-harness-setup

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill emphasizes security best practices for handling sensitive data. It explicitly instructs the agent and user to add storageState files (which contain authentication tokens) to .gitignore and warns against committing secrets in MCP configurations.
  • [COMMAND_EXECUTION]: The skill facilitates the use of standard development tools, specifically the Playwright CLI, for its primary purpose of end-to-end testing infrastructure setup.
  • [DATA_EXPOSURE]: The skill identifies that E2E testing artifacts may contain sensitive information. It correctly mandates that these files be kept local and excluded from the code repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines an integration surface where the agent connects to external context sources (GitHub, Figma, issue trackers) via MCP. While intended for context gathering, this introduces a surface where instructions embedded in external data (like issue descriptions) could influence agent behavior, though the skill does not grant elevated privileges that would make this critical.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — e2e-harness-setup