agent-browser-commands

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation outlines an extensive CLI for browser control, including navigation (open, reload), discovery (snapshot), and complex interactions (click, fill, drag, upload).
  • [REMOTE_CODE_EXECUTION]: Includes an eval command which allows the agent to execute arbitrary JavaScript code within the active browser context. Additionally, it defines an install command for fetching browser binaries.
  • [DATA_EXFILTRATION]: Provides the ability to read and extract sensitive browser data, including session cookies, localStorage, clipboard content, and full network request/response logs.
  • [EXTERNAL_DOWNLOADS]: The install command is documented for downloading the Chromium browser and its necessary system-level dependencies.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting and processing data from external web sources.
      • Ingestion points: Commands such as open, snapshot, get text, get html, and network requests allow the agent to ingest content from arbitrary URLs into its context.
      • Boundary markers: The reference documents a --content-boundaries flag that can be used to wrap page output in markers to help the model distinguish it from tool output.
      • Capability inventory: The toolset includes highly privileged operations such as eval, modifying cookies/storage, and intercepting/mocking network traffic via network route.
      • Sanitization: There is no documented mechanism within the reference for sanitizing, filtering, or validating the data retrieved from the web before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 07:48 AM