auth-generic

Enables authentication with any custom form-based system, supporting various methods like email/password and OTP.

Install this skill

or

25/100

Security score

The auth-generic skill was audited on Feb 27, 2026 and we found 23 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 239

Template literal with variable interpolation in command context

SourceSKILL.md

239	throw new Error(`Password not configured. Set ${passwordVar} in .env.local`);

medium line 290

Template literal with variable interpolation in command context

SourceSKILL.md

290	await page.goto(`${baseUrl}${config.routes.login}`);

medium line 308

Template literal with variable interpolation in command context

SourceSKILL.md

308	throw new Error(`Unknown auth method: ${config.method}. Define custom steps.`);

medium line 314

Template literal with variable interpolation in command context

SourceSKILL.md

314	console.log(`Authentication successful, landed on ${config.routes.authenticated}`);

medium line 320

Template literal with variable interpolation in command context

SourceSKILL.md

320	console.error(`Authentication failed: ${message}`);

medium line 412

Template literal with variable interpolation in command context

SourceSKILL.md

412	await page.goto(`${baseUrl}${magicLinkUrl}`);

medium line 426

Template literal with variable interpolation in command context

SourceSKILL.md

426	const response = await fetch(`${baseUrl}${config.verification.endpoint}`, {

medium line 435

Template literal with variable interpolation in command context

SourceSKILL.md

435	throw new Error(`OTP source "${config.verification.source}" not implemented in generic skill`);

medium line 507

Template literal with variable interpolation in command context

SourceSKILL.md

507	console.log(`Logged in as ${result.email}`);

medium line 39

Access to .env file

SourceSKILL.md

39	2. Environment variables in `.env.local`:

low line 207

Access to .env file

SourceSKILL.md

207	const envPath = path.join(projectRoot, '.env.local');

low line 212

Access to .env file

SourceSKILL.md

212	if (match && !process.env[match[1]]) {

low line 213

Access to .env file

SourceSKILL.md

213	process.env[match[1]] = match[2];

low line 228

Access to .env file

SourceSKILL.md

228	password = process.env[config.testUser.passwordVar \|\| 'TEST_PASSWORD']

low line 232

Access to .env file

SourceSKILL.md

232	email = process.env[emailVar] \|\| config.testUser.emailDefault \|\| '[email protected]';

low line 236

Access to .env file

SourceSKILL.md

236	password = process.env[passwordVar] \|\| config.testUser.passwordDefault;

low line 239

Access to .env file

SourceSKILL.md

239	throw new Error(`Password not configured. Set ${passwordVar} in .env.local`);

low line 244

Access to .env file

SourceSKILL.md

244	username = process.env[config.testUser.usernameVar];

low line 488

Access to .env file

SourceSKILL.md

488	const BASE_URL = process.env.PLAYWRIGHT_BASE_URL \|\| 'http://localhost:3000';

medium line 72

Prompting for password/secret input

SourceSKILL.md

72	"passwordInput": "input[type='password'], input[name='password']",

medium line 257

Prompting for password/secret input

SourceSKILL.md

257	passwordInput: 'input[type="password"], input[name="password"], input#password',

medium line 559

Prompting for password/secret input

SourceSKILL.md

559	"passwordInput": "input[data-testid='password-input']",

low line 488

External URL reference

SourceSKILL.md

488	const BASE_URL = process.env.PLAYWRIGHT_BASE_URL \|\| 'http://localhost:3000';

Scanned on Feb 27, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2

Rate this skill

Categorysupport

UpdatedMay 21, 2026

diegosouzapw/awesome-omni-skill