The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes instructions from the external file /workflows/browser-workflows.md, creating a surface for indirect prompt injection where instructions in the data file could manipulate agent behavior. * Ingestion points: Reads instructions from /workflows/browser-workflows.md. * Boundary markers: None; the skill parses the file and executes steps directly without framing them as untrusted data. * Capability inventory: Includes browser automation (navigate, click, type), file system writes, subagent spawning for code changes, and git operations (push, PR create). * Sanitization: No sanitization or validation of the workflow steps is performed before execution.
[DATA_EXFILTRATION]: The skill automatically captures screenshots and records network activity during browser sessions. This creates a risk of exposing sensitive information like PII or session tokens if testing is performed on non-public or authenticated environments, as this data is persisted in unencrypted local HTML reports.
[COMMAND_EXECUTION]: The skill executes various system commands for testing and deployment, including git push and gh pr create, based on the outcomes of automated fixes performed by subagents.

browser-workflow-executor