Security risk report for @forgecat/anthropics_skills_webapp-testing v0.0.4
Source Integrity
Low
Profile is attributed to Anthropic with a public GitHub repository (github.com/anthropics/skills) and specific commit hash (5128e18) for traceability.
Tested across multiple legitimate platforms (Claude Code, Cursor, Codex) with clear licensing (LICENSE.txt).
Agent Intent
Low
Content documents legitimate Playwright-based web automation patterns (reconnaissance, selector discovery, action execution) without injecting hidden instructions or role hijacking.
Decision tree and examples teach best practices (wait for networkidle, use black-box scripts, avoid context pollution) — educational guidance, not manipulation.
No instructions to read credentials (~/.ssh, ~/.aws, .env), exfiltrate data, reveal system prompts, or install malicious dependencies.
Details
Evidence
"Always run scripts with `--help` first to see usage. DO NOT read the source until you try running the script first" — teaches defensive scripting, not evasion.
"Always launch chromium in headless mode" — standard security practice, not weakening.
"Use bundled scripts as black boxes" — encourages trust boundaries and modular design.
Permissions
Low
No tools or hooks are declared in the profile; this is a documentation/guidance skill only.
Playwright usage is scoped to local web application testing (localhost ports 3000, 5173) with no shell execution, file mutation, or network exfiltration.
Helper script (with_server.py) is invoked as a black box via standard Python subprocess, not with unrestricted globs or alwaysApply rules.