The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs the installation of the agent-browser package via NPM and the download of Chromium binaries. These resources originate from the GitHub organization 'vercel-labs', which is a recognized and trusted service provider. Documentation for Browserbase, a cloud browser provider, is also included for enterprise/CI workflows.
[COMMAND_EXECUTION]: The skill provides a set of CLI commands (agent-browser open, click, fill, etc.) that execute browser interactions. This includes the eval command, which allows the execution of arbitrary JavaScript within the browser context. While powerful, this is a standard and expected feature for browser automation tools.
[INDIRECT_PROMPT_INJECTION]: As a tool designed to process and interact with live web content, the skill inherently possesses an indirect prompt injection surface.
Ingestion points: Data enters the agent's context through snapshot, get text, get html, and screenshot commands defined in SKILL.md.
Boundary markers: The provided instructions do not specify any delimiters or safety warnings to help the agent distinguish between its system instructions and content retrieved from websites.
Capability inventory: The skill provides significant capabilities including JavaScript execution (eval), form interaction (fill, click), file uploads (upload), and network routing control, all visible across SKILL.md.
Sanitization: There is no evidence of sanitization or filtering of external content before it is processed or presented to the agent.
[DATA_EXPOSURE]: The skill includes functionality to save and load browser state (including authentication cookies) to a local file (auth.json). This is a standard session persistence feature but requires careful handling of the resulting state files by the user.

agent-browser