page-agent-web-automation

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
  • [SAFE]: The skill utilizes the page-agent library, which is a legitimate open-source tool provided by Alibaba. It uses official distribution channels like NPM and the jsDelivr CDN.
  • [SAFE]: Documentation correctly encourages the use of environment variables (process.env) for managing sensitive API keys for LLM providers, avoiding hardcoded credentials.
  • [SAFE]: No evidence of obfuscation, malicious network calls, or unauthorized persistence mechanisms was identified in the instructions or example code.
  • [PROMPT_INJECTION]: The skill's primary function involves processing untrusted data from web page DOMs (ingestion point: SKILL.md), which presents a surface for indirect prompt injection. Capability inventory includes DOM manipulation and action execution via agent.execute. While boundary markers are not explicitly defined in the provided snippets, the documentation includes a 'Best Practices' section recommending sanitization and validation of user input to mitigate risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 03:17 AM
Security Audit — agent-trust-hub — page-agent-web-automation