browserwing

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (curl) to communicate with a browser automation executor. It correctly implements best practices by allowing the API base URL to be configured via the BROWSERWING_EXECUTOR_URL environment variable with a safe local fallback (http://127.0.0.1:8080).
  • [REMOTE_CODE_EXECUTION]: The skill includes documentation for a POST /evaluate endpoint in SKILL.md, which allows for the execution of JavaScript within the browser context. This is a standard and expected feature for advanced browser automation tools.
  • [DATA_EXFILTRATION]: The skill is capable of extracting text and taking screenshots from websites via endpoints like GET /snapshot and POST /extract. This content is returned to the agent for processing. This behavior is consistent with the stated purpose of a web automation and data extraction tool.
  • [PROMPT_INJECTION]: The skill processes data from untrusted external sources (web pages), creating a surface for indirect prompt injection.
      • Ingestion points: Data enters via GET /snapshot, POST /extract, GET /page-text, and GET /page-content as described in SKILL.md.
      • Boundary markers: No explicit instructions are provided to the agent to treat external content as untrusted data or to ignore instructions embedded within the extracted text.
      • Capability inventory: The skill allows the agent to execute Bash commands (as defined in allowed-tools in SKILL.md) and interact with the browser API.
      • Sanitization: There is no mention of sanitizing or escaping the content retrieved from web pages before it is processed by the agent.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 01:02 AM