The Agent Skills Directory

[COMMAND_EXECUTION]: The skill extensively uses the playwriter tool to execute arbitrary JavaScript code on the host system to control browser sessions and perform data extraction.
[EXTERNAL_DOWNLOADS]: Users are encouraged to install several third-party libraries for bot evasion, including patchright, curl_cffi, and camoufox. These dependencies are fetched from public registries without specific version pinning or integrity checks in the instructions.
[REMOTE_CODE_EXECUTION]: The skill provides instructions to run npx rebrowser-patches@latest patch. This executes an unversioned script from a remote registry to modify the Chromium binary, which is a significant remote code execution risk if the package is compromised.
[DATA_EXFILTRATION]: A core capability of the skill is the identification and harvesting of authentication signals, such as session cookies, Bearer tokens from browser storage, and Authorization headers. This sensitive information is extracted from the browser environment and stored in local files (auth-signals.json, NETWORK.md).
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes content from external target websites to generate documentation and crawler code (CRAWLER.ts).
Ingestion points: Data enters the context via website HTML snapshots (via accessibilitySnapshot and getCleanHTML) and intercepted network responses from target domains.
Boundary markers: There are no explicit instructions or markers to distinguish between legitimate site data and potential malicious instructions embedded in the site's content.
Capability inventory: The agent has the ability to execute shell commands (playwriter), perform network requests (fetch, curl), and write files to the local system.
Sanitization: The workflow lacks specific steps to sanitize or validate website data before using it in logic-heavy tasks like crawler code generation.

crawler