The Agent Skills Directory

[COMMAND_EXECUTION]: The skill integrates the 'chrome-relay' CLI, allowing the agent to drive browser actions through shell commands, including evaluating arbitrary JavaScript in the page context via the 'js' tool.
[EXTERNAL_DOWNLOADS]: Setup requires the global installation of the 'chrome-relay' npm package and the registration of a native messaging host on the local system to communicate with the Chrome extension.
[DATA_EXFILTRATION]: The skill provides tools to read sensitive browser data, including network request/response buffers (which may contain credentials), console logs, and page snapshots. The documentation includes instructions for the agent to redact these secrets, but the underlying capability for data exposure is present. Additionally, the skill includes recipes in 'references/patterns.md' that involve reading from and modifying sensitive local configuration files such as '~/.npmrc'.
[PROMPT_INJECTION]: The skill processes untrusted content from the web to generate snapshots for the agent, creating a significant surface for indirect prompt injection where malicious website content could attempt to influence agent behavior.
Ingestion points: Browser data is ingested via 'snapshot', 'get', 'network', and 'console' commands as described in 'SKILL.md'.
Boundary markers: Output is formatted as structured text with element references (e.g., '@ref'), providing some structural separation, though no explicit 'ignore' instructions are mandated for the agent when processing web content.
Capability inventory: The skill possesses extensive control over the user's browser environment, including JavaScript execution ('js'), navigation, and input simulation ('click', 'fill', 'type', 'keys').
Sanitization: Page content is abstracted into a snapshot format, which provides a layer of processing, but the skill does not detail specific sanitization or filtering mechanisms applied to the raw content before presentation to the agent.

chrome-relay