browser-control

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands including osascript, curl, node, and python3 to automate browser actions and manage a local background proxy server.
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file implements an update mechanism that executes npx update-kit, which downloads and runs code from the npm registry at runtime without fixed version pinning.
  • [DATA_EXFILTRATION]: The skill includes a dedicated module (modules/console-network.md) to inject JavaScript into the browser for intercepting console logs and network requests (XHR/Fetch). This can be used to capture sensitive data such as session cookies, authorization tokens, and personal information. Additionally, the CDP proxy provides a setFiles API that can programmatically upload local files to web forms, creating a path for local data exposure.
  • [PROMPT_INJECTION]: As a tool designed to read and interact with arbitrary web pages, the skill is highly exposed to indirect prompt injection. Malicious websites could contain hidden instructions intended to manipulate the agent's behavior or exfiltrate data from authenticated sessions.
      ◦ Ingestion points: Web pages processed via WebFetch, Jina, curl, and CDP-based extraction (modules/dom-extraction.md).
      ◦ Boundary markers: None identified in the prompt templates or scripts.
      ◦ Capability inventory: Subprocess execution (osascript, node, python3), network access via curl, and file system writes for screenshots.
      ◦ Sanitization: Relies on instructional guidelines for the agent to avoid untrusted JavaScript, rather than programmatic enforcement.
  • [EXTERNAL_DOWNLOADS]: The skill uses r.jina.ai for content conversion and references the omni-search-skill repository on GitHub for enhanced search features.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 04:56 PM
Security Audit — agent-trust-hub — browser-control