The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill executes npx -y @claude-flow/cli@latest, which downloads and runs code from an external registry at runtime. This package is not associated with a recognized trusted vendor or well-known service.
[DATA_EXFILTRATION]: The skill captures sensitive session data using browser_eval to read document.cookie. This information is then exfiltrated to an external storage mechanism (memory store --namespace browser-cookies). While the instructions mention sanitization via AIDefence, session credentials are still being persisted outside the immediate browser context.
[COMMAND_EXECUTION]: Shell commands are used to invoke the npx utility and manage the environment. Additionally, browser_eval is used to execute arbitrary JavaScript within the browser context to extract cookies.
[PROMPT_INJECTION]: This skill presents an indirect prompt injection surface (Category 8).
Ingestion points: Untrusted content from target websites enters the agent context through browser_snapshot and browser_eval during the authentication flow (SKILL.md).
Boundary markers: Absent; there are no instructions to ignore embedded commands in the browser's DOM or response headers.
Capability inventory: The skill possesses high-privilege capabilities including Bash execution, file Write access, and arbitrary browser_eval (SKILL.md).
Sanitization: The skill mentions using aidefence_scan specifically for cookie values, but does not specify sanitization for the broader page content encountered during the trajectory.

browser-login