firefox-devtools-mcp-automation
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the `firefox-devtools-mcp` package from the official npm registry during the installation process. The source code for this package is managed by Mozilla, a trusted organization.
- [COMMAND_EXECUTION]: The server is configured to run using `npx`, which executes the MCP server locally. This is a standard method for running MCP tools that interact with local applications like Firefox.
- [REMOTE_CODE_EXECUTION]: The skill provides tools for executing JavaScript within the browser context, such as `evaluate_script` and `evaluate_privileged_script`. These features are essential for its primary purpose of browser automation and testing; they are disabled by default and require the user to explicitly enable them using specific configuration flags.
- [DATA_EXFILTRATION]: The skill has the capability to capture screenshots and detailed network request/response data. While these features facilitate web scraping and debugging, they could potentially expose sensitive session information if the browser is used to access authenticated or private services.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through interaction with external websites.
- Ingestion points: Untrusted data enters the agent's context through web page content (snapshots), console logs, and network monitoring as described in `SKILL.md`.
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded in the processed web data.
- Capability inventory: The skill can execute commands via `npx`, run JavaScript in the browser, write files to the system (screenshots/extensions), and modify browser preferences.
- Sanitization: Absent. Web content is processed directly to allow the agent to understand page structure and data.
- Context: The documentation explicitly warns the user about the risk of prompt injection and recommends using a dedicated profile to mitigate data exposure.
Audit Metadata