desktop-workflow-generator

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute playwright-cli commands. These commands are used to open sessions, navigate to URLs, take screenshots, and interact with page elements (clicks, text input) during the live walkthrough phase.
  • [CREDENTIALS_UNSAFE]: The skill is designed to read and process authentication data from .playwright/profiles.json and storage state JSON files. These files contain sensitive session information, including cookies, localStorage, and session tokens, which are used to bypass login forms during testing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the application's codebase and the live website being tested.
    • Ingestion points: Codebase files (via Read, Grep, and Glob) and live website content (via Playwright navigation and screenshots).
    • Boundary markers: Absent; the instructions do not implement delimiters or 'ignore' warnings for the data ingested during the exploration or walkthrough phases.
    • Capability inventory: The skill possesses shell execution capabilities (Bash/Playwright), file system write access (/workflows/), and the ability to spawn sub-agents.
    • Sanitization: Absent; there is no mention of filtering, escaping, or validating the content retrieved from the codebase or the live application before it is presented to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 01:40 AM