agent-browser

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The agent-browser eval command allows the agent to execute arbitrary JavaScript within the browser context. This capability enables the execution of complex logic that may bypass standard interaction safeguards, as documented in references/commands.md.
  • [OBFUSCATION]: The skill supports the execution of Base64-encoded JavaScript via the agent-browser eval -b flag. While designed to handle shell escaping issues, this functionality allows for the execution of payloads that are not human-readable in the source instructions, as seen in the examples in references/commands.md.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to navigate the open web and ingest data from untrusted sources, creating a surface for indirect prompt injection.
      • Ingestion points: Commands such as agent-browser get text, agent-browser snapshot, and agent-browser open (referenced in SKILL.md and templates/capture-workflow.sh) bring external web content into the agent's context.
      • Boundary markers: The provided instructions do not include explicit delimiters or system-level warnings to the agent to disregard instructions embedded within the scraped web content.
      • Capability inventory: The agent-browser tool possesses high-privilege capabilities including the ability to write files (screenshots, PDFs, and state files), manage authentication cookies/tokens via state save, and execute code via eval.
      • Sanitization: There is no evidence of content sanitization or filtering to prevent malicious instructions from the web influencing the agent's subsequent actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 19, 2026, 08:42 AM