mf
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from remote manifests and browser interaction logs, creating an indirect prompt injection surface. However, this is a known risk for developer-centric debugging tools and is mitigated by the skill's specific purpose and built-in data sanitization.
- [COMMAND_EXECUTION]: The skill uses several internal scripts (e.g., browser-capture.mjs, observability-collector.js) to automate project analysis and browser-based debugging. These operations are conducted within the allowed-tools limits and are essential for the skill's diagnostic functionality.
- [EXTERNAL_DOWNLOADS]: Fetches documentation and remote manifests from official or well-known locations like module-federation.io and unpkg.com. These downloads are transparent and aligned with the tool's intended use case.
- [DATA_EXFILTRATION]: The skill includes proactive measures to prevent sensitive data exposure. Both the browser capture utility and the observability plugin implement redaction logic to strip credentials, tokens, and secrets from output logs and reports before they are processed by the agent.
Audit Metadata