The Agent Skills Directory

[COMMAND_EXECUTION]: The tool includes an eval command that allows the execution of arbitrary JavaScript within the browser context for advanced automation tasks.
[DATA_EXFILTRATION]: The skill enables reading of web page content and local file system access (when the --allow-file-access flag is used), which are standard capabilities for a browser automation utility.
[PROMPT_INJECTION]: Processing external web content introduces an indirect prompt injection surface. The skill provides built-in mechanisms to mitigate this risk.
Ingestion points: External website data accessed through navigation and snapshot commands in SKILL.md and references/commands.md.
Boundary markers: Implementation of the AGENT_BROWSER_CONTENT_BOUNDARIES environment variable provides nonce-based markers to isolate untrusted page content.
Capability inventory: Shell command execution via CLI, browser-based JavaScript execution (eval), file-system reads, and network navigation.
Sanitization: Employs specific delimiters to help the AI agent distinguish between tool output and external page data, as described in the security section of SKILL.md.

agent-browser