Description-Behavior Mismatch
Medium
- Confidence
- 94% confidence
- Finding
- The script persists authenticated browser state to storageState.json and also saves a post-login screenshot and UI structure summary to disk. Those artifacts can contain session cookies, local storage tokens, account URLs, internal navigation labels, and other sensitive application data; if reused or exfiltrated, they may enable account/session hijacking or disclose private app structure beyond the immediate recording task.
