pp-instacart

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The "Backfill Flow" instructs the agent to download three JavaScript files (dumper.js, extract-one.js, and export-jsonl.js) from a remote GitHub repository and execute them in the user's browser session using the mcp__claude-in-chrome__javascript_tool. Code fetched at run time from a remote repository therefore runs inside a sensitive, authenticated web session, with whatever that session can read and do.
  • [CREDENTIALS_UNSAFE]: The CLI's instacart auth login command reads session cookies directly from the user's Chrome browser profile and saves them to a local configuration file, ~/.config/instacart/session.json. Anything that can read that file, such as a compromised local environment, holds the live session.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing a third-party binary tool. It provides instructions to download and install instacart-pp-cli via npm (@mvanhorn/printing-press) or by using go install from the author's GitHub repository.
  • [COMMAND_EXECUTION]: The skill heavily relies on the Bash tool to run the instacart-pp-cli binary, manage software installation, and perform file system operations such as importing order history from JSONL files.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it processes and caches external data (Instacart order history) that the agent later reads and acts on.
      • Ingestion points: instacart-orders.jsonl (SKILL.md)
      • Boundary markers: absent.
      • Capability inventory: subprocess execution via the Bash tool for cart modifications and product searches.
      • Sanitization: the provided instructions describe no validation or sanitization of the ingested JSONL content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 06:02 PM