The Agent Skills Directory

[PROMPT_INJECTION]: The skill allows for indirect prompt injection as it is designed to read data from external sources.
Ingestion points: Data is retrieved from third-party desktop application interfaces using agent-browser snapshot and agent-browser get text as described in SKILL.md.
Boundary markers: The skill does not define specific delimiters or warnings to treat application content as untrusted data.
Capability inventory: The agent has capabilities to interact with the UI and execute shell commands through the allowed Bash tool.
Sanitization: No content filtering or sanitization of the data extracted from the apps is implemented.

electron