gemini-computer-use

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script executes browser-level actions such as clicking, typing, and navigation using Playwright, based on commands received from the LLM. This allows the model to perform arbitrary interactions within the browser environment.
  • [DATA_EXFILTRATION]: Browser state, including full screenshots and the current URL, is periodically sent to the Gemini API. Users should be aware that sensitive information visible in the browser will be shared with the model provider during the agent loop.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the "google-genai" and "playwright" packages, as well as browser binaries installed via the "playwright install" command. These are well-known resources from established providers.
  • [PROMPT_INJECTION]: The agent is vulnerable to indirect prompt injection, where instructions embedded in the visual content of a website could manipulate the agent's behavior.
  • Ingestion points: Captures screenshots of potentially untrusted web pages via page.screenshot in "scripts/computer_use_agent.py".
  • Boundary markers: No delimiters or safety instructions are present to distinguish between legitimate user goals and text appearing within the captured browser viewport.
  • Capability inventory: The agent possesses high-impact capabilities including navigation, text input, and keyboard shortcut execution as defined in "scripts/computer_use_agent.py".
  • Sanitization: No validation or sanitization is performed on the rendered web content or screenshots before they are passed to the multimodal model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 09:21 PM