e2e-testing

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill manages dependencies using standard package managers (npm/npx). It installs the @playwright/test package and official browser binaries via the npx playwright install command, which is the standard and safe procedure for this framework.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute Playwright test runs and CLI commands. It also uses a Python one-liner to deterministically parse and extract statistics from the playwright-results.json file. These operations are local, scoped to the testing workflow, and do not involve executing untrusted input.
  • [CREDENTIALS_UNSAFE]: The documentation explicitly warns against hardcoding credentials in source code. It provides patterns for using environment variables (process.env) and .env.test files for secret management, which is a recommended security practice.
  • [DATA_EXFILTRATION]: No unauthorized network operations were detected. The skill generates local artifacts (reports, screenshots, videos) within the project directory. Network calls are restricted to the application under test as defined by the user-controlled BASE_URL.
  • [DYNAMIC_EXECUTION]: The skill uses Playwright's addInitScript to inject mock objects (like a mock MetaMask provider) into the browser context. This is a standard testing technique for simulating external dependencies and does not pose a security risk in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 12:34 PM