test-automation
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill implements strong credential management policies. It mandates that all sensitive information, such as user emails, passwords, and API tokens, must be stored in `.env` files and accessed via environment variables. Hardcoding secrets is explicitly prohibited and listed as a rejection reason in review checklists.
- [DATA_EXFILTRATION]: The skill includes functionality to sync test execution results to external Test Management Systems (TMS) such as Jira and Xray. This is a core, documented feature designed for automated reporting. Sensitive data within these reports is protected via a canonical masking system (`SENSITIVE_KEYS`) that redacts passwords and tokens from traces and logs.
- [COMMAND_EXECUTION]: The skill utilizes the `bun` runtime to execute various development and testing commands (`bun run test`, `bun run lint`, `bun run type-check`). These are standard operations for a TypeScript/Node.js testing environment and are used to ensure code quality and test success.
- [EXTERNAL_DOWNLOADS]: The `api:sync` feature allows for the download of OpenAPI specifications from remote backend URLs to generate type-safe interfaces. This is an intended architectural feature to maintain contract synchronization between the test suite and the API being tested.
- [SAFE]: No evidence of prompt injection, obfuscation, or unauthorized persistence was found. The skill architecture follows the principle of least privilege, ensuring that browser contexts and API requests are properly isolated and authenticated using project-specific configurations.
Audit Metadata