agent-browser

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an eval command that facilitates the execution of arbitrary JavaScript within the browser's context. This feature is documented with support for Base64 encoding and standard input (stdin) to allow for the execution of complex or encoded scripts while bypassing shell interpretation issues.
  • [EXTERNAL_DOWNLOADS]: The tool relies on npx to fetch and execute the agent-browser package from the npm registry. Additionally, documentation for mobile automation recommends installing the appium framework and associated drivers via npm.
  • [DATA_EXFILTRATION]: The browser automation tool supports the --allow-file-access flag, allowing it to open and read local files using the file:// protocol. This presents a risk where an agent could be directed to access sensitive local system files, with the resulting data being captured through screenshots, text extraction, or PDF generation.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run numerous agent-browser CLI commands for browser control, such as navigating to URLs, interacting with page elements, and managing authentication states.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is processing content from external, untrusted web sources.
    • Ingestion points: Untrusted content is ingested via the open, snapshot, and get text commands.
    • Boundary markers: Element references (@e1, @e2) act as an abstraction layer for interactions, but the skill lacks explicit delimiters or instructions to ignore commands embedded within the text of the pages being browsed.
    • Capability inventory: The agent has extensive capabilities, including form submission, file uploading/downloading, and JavaScript execution.
    • Sanitization: Web content is analyzed without evidence of sanitization or filtering to remove potentially malicious instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 08:31 AM
Security Audit — agent-trust-hub — agent-browser