photo-agents-autonomous-llm

Status: Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The framework exposes an execute_code function that allows the agent to run arbitrary Bash, PowerShell, and Python commands directly on the host operating system.
  • [REMOTE_CODE_EXECUTION]: Through the save_skill functionality, the agent is designed to write its own Python code based on successful outcomes, which is then persisted and executed in future sessions, enabling self-modification and dynamic execution of LLM-generated logic.
  • [DATA_EXFILTRATION]: The skill combines extensive local file system access (read_file, list_directory) with network-capable tools (Chrome DevTools Protocol for browser control and general code execution), creating a path for potential unauthorized data extraction.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection, as it ingests untrusted data from multiple sources to drive its autonomous decision-making.
      ◦ Ingestion points: Browser navigation via CDPBridge, screen content analysis via analyze_screenshot (OCR), and local file reading as described in SKILL.md.
      ◦ Boundary markers: None identified; there are no instructions provided to the agent to treat external content as untrusted or to use delimiters when processing scraped text or vision data.
      ◦ Capability inventory: Access to full system shells (Bash/PowerShell), file system modification (write_file), and network access (browser control) are all present in the core framework.
      ◦ Sanitization: No evidence of sanitization or validation of the data retrieved from web pages or screenshots before it is used to generate or influence executable code.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 04:59 AM
Security Audit — agent-trust-hub — photo-agents-autonomous-llm