eve-web-ui-testing-agent-browser

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by ingesting and processing untrusted content from external web pages via the agent-browser open and agent-browser snapshot commands.
      • Ingestion Points: agent-browser open and agent-browser snapshot are used across multiple files (e.g., SKILL.md, templates/capture-workflow.sh, references/snapshot-refs.md) to pull web content into the agent's context.
      • Boundary Markers: No explicit boundary markers or instructions to ignore embedded instructions are provided when processing extracted web content.
      • Capability Inventory: The agent has the capability to perform actions based on this content, including clicking elements, filling forms, and executing JavaScript via the eval command.
      • Sanitization: No sanitization or validation of the extracted web content is mentioned in the instructions.
  • [COMMAND_EXECUTION]: The skill relies on the agent-browser CLI for its core functionality. This includes the eval command, which allows for the execution of arbitrary JavaScript within the browser context. The documentation (references/commands.md) includes examples of using Base64-encoded strings for reliable script execution (e.g., agent-browser eval -b "ZG9jdW1lbnQucXVlcnlTZWxlY3RvcignW3NyYyo9Il9uZXh0Il0nKQ=="), which decodes to a benign element query but demonstrates a powerful execution vector.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing external dependencies, including the agent-browser utility via npm or Homebrew. It also mentions an optional installation of an upstream skill from the Vercel Labs repository (https://github.com/vercel-labs/agent-browser).
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 12, 2026, 03:04 PM