browser-qa
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to upload screenshots to a third-party service (https://img402.dev/api/free) using curl. This service is not a standard enterprise tool and could result in sensitive project data, PII, or internal UI details being exposed to an external party.
- [COMMAND_EXECUTION]: The skill uses shell commands like pkill -f mcp-chrome- for process management and mv for file handling.
- [COMMAND_EXECUTION]: The skill instructs the agent to seed test data with a script run directly through the project's DB client, ORM, or seed mechanism. This involves the agent generating and executing code that writes to the local database.
- [REMOTE_CODE_EXECUTION]: Use of evaluate within the browser context allows execution of arbitrary JavaScript on pages. While part of standard browser automation, this capability increases risk when processing untrusted content.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  - Ingestion points: The skill reads page text and HTML using Playwright and Claude-in-Chrome.
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit instructions found within the web pages it visits.
  - Capability inventory: The agent has access to pkill (process termination), curl (network exfiltration), database seeding (local data modification), and browser JavaScript execution.
  - Sanitization: Absent. Content read from the browser is processed directly by the agent without validation.
Audit Metadata