qa-generating-e2e-tests

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and generated test code embed plaintext credentials (e.g., "SecurePass123!" and test emails) and would instruct the agent to produce tests that include any provided passwords or secrets verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Step 1 — Define User Journeys, option C: "Discovered from the app" with the scripts/discover_journeys.py --url ) and the generated Playwright tests that call page.goto(BASE_URL/...) show the skill navigates and analyzes arbitrary application URLs, meaning it fetches and interprets untrusted third-party web content which can materially influence generated test actions.