agent-browser

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The agent-browser eval command provides the capability to execute arbitrary JavaScript code within the browser context, which could be abused if the agent is influenced by malicious instructions.
  • [DATA_EXFILTRATION]: The skill exposes commands to retrieve sensitive session information, including agent-browser cookies, agent-browser storage local, and agent-browser state save, which can be used to capture authentication tokens or private user data.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes content from external websites. Mandatory evidence:
      1) Ingestion points: Data is ingested via agent-browser open, snapshot, and get commands (SKILL.md).
      2) Boundary markers: The skill lacks explicit markers or instructions to isolate untrusted web content from agent commands.
      3) Capability inventory: The skill can execute code (eval), write files (screenshot, pdf, state save), and access session secrets.
      4) Sanitization: No sanitization of web-derived content is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 09:03 PM