skills/cklxx/elephant.ai/browser-use/Gen Agent Trust Hub

browser-use

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.Popen to execute the npx command for running the Playwright MCP bridge. This is used to initialize the communication with the browser extension.
  • [EXTERNAL_DOWNLOADS]: At runtime, the skill downloads the @playwright/mcp package from the NPM registry using the npx utility. This allows the skill to stay updated with the latest bridge capabilities.
  • [REMOTE_CODE_EXECUTION]: The evaluate and run_code actions allow the agent to execute arbitrary JavaScript and Playwright code within the user's browser session. This dynamic execution capability allows for high levels of automation but also permits execution of any code the agent generates or receives.
  • [DATA_EXFILTRATION]: By controlling a logged-in browser session and executing arbitrary code, the skill can potentially be used to extract sensitive information such as session cookies, authentication tokens, and private data from web pages. This data could then be sent to external endpoints using browser APIs.
  • [PROMPT_INJECTION]: The skill has a large surface for indirect prompt injection. Malicious content on visited websites could attempt to influence the agent's behavior through the browser control tools.
  • Ingestion points: Data enters the agent context through URLs navigated to and DOM snapshots fetched from web pages in run.py.
  • Boundary markers: There are no identified delimiters or warnings to the agent to ignore instructions embedded in the processed web content.
  • Capability inventory: The skill provides full control over the browser session (click, type, navigate, execute JS) via the @playwright/mcp bridge launched in run.py.
  • Sanitization: No sanitization or validation of the input code or the external web content is performed before execution or processing.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 01:10 AM