chrome-cdp

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill spawns background daemon processes using child_process.spawn to manage persistent WebSocket connections to individual browser tabs. These daemons are transient and designed to auto-exit after 20 minutes of inactivity.
  • [REMOTE_CODE_EXECUTION]: The script implements capabilities to execute arbitrary JavaScript within the context of a browser page via the Chrome DevTools Protocol Runtime.evaluate method. While powerful, this is the intended functionality of the skill for web automation and debugging.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests untrusted data from web pages (via accessibility snapshots and HTML content) and possesses high-privilege browser control capabilities.
      1. Ingestion points: scripts/cdp.mjs (via snapshotStr, htmlStr, and evalStr).
      2. Boundary markers: No markers or explicit instructions are provided to the model to ignore embedded commands in the page content.
      3. Capability inventory: scripts/cdp.mjs (click, type, nav, eval, evalraw).
      4. Sanitization: Page content is returned directly to the agent without filtering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 01:47 PM