lynx-devtool

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Node.js CLI script located at scripts/index.mjs to interface with the Lynx DevTool. This script acts as the primary controller for all debugging operations such as listing clients and sending protocol commands.
  • [REMOTE_CODE_EXECUTION]: The skill supports the execution of arbitrary JavaScript on target Lynx engines through CDP methods like Runtime.evaluate, Runtime.callFunctionOn, and Runtime.runScript. This is the intended primary purpose of the skill for runtime debugging and state inspection.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from target devices via get-console and get-sources. A malicious application on a connected device could output logs or code comments containing instructions aimed at manipulating the AI agent. There are no explicit boundary markers or sanitization logic mentioned in the documentation for this external content.
  • [DATA_EXFILTRATION]: Functionality exists to retrieve sensitive runtime data from the target device, including application source code (Debugger.getScriptSource), page resources (Page.getResourceContent), and session storage (WhiteBoard.getSharedData). It also includes a take-screenshot command that writes image files to the local file system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 02:39 AM