skills/arize-ai/phoenix/agent-browser/Gen Agent Trust Hub

agent-browser

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an eval command that allows the execution of arbitrary JavaScript within the browser context. This is a standard and necessary feature for advanced browser automation tasks. The documentation provides examples of using base64-encoded strings for these commands to prevent shell escaping issues.
  • [DATA_EXFILTRATION]: The skill includes functionality for capturing screenshots, generating PDFs, and exporting session state (including cookies and localStorage). The documentation specifically addresses the sensitivity of these outputs, providing guidance on using .gitignore to prevent session tokens from being committed to repositories.
  • [SAFE]: No malicious patterns, prompt injections, or unauthorized network behaviors were detected. The skill's architecture relies on user-supplied configuration and environment variables for authentication, adhering to secure development practices.
  • [INDIRECT_PROMPT_INJECTION]: As a web browsing tool, the skill exposes an attack surface for indirect prompt injection, where malicious instructions embedded in external websites could be processed by the agent.
      • Ingestion points: Website content is ingested through the snapshot and get text commands described in SKILL.md and references/snapshot-refs.md.
      • Boundary markers: The instructions do not provide explicit delimiters or ignore-instructions for the data retrieved from websites.
      • Capability inventory: The skill possesses extensive capabilities, including JavaScript execution (eval), session management (state, cookies), and form interaction (fill, click), across its various command references.
      • Sanitization: There is no evidence of content sanitization or instruction filtering for the data extracted from the browser DOM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 11:03 AM