playwright

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM

REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The run.js script implements a dynamic execution engine that accepts JavaScript code from files, arguments, or standard input, wraps it in a template, and executes it using Node.js dynamic import(). This allows the agent to execute arbitrary logic on the local system.
  • [EXTERNAL_DOWNLOADS]: The package.json and run.js files contain instructions to download and install Node.js packages from the npm registry and browser binaries from Microsoft's official infrastructure during setup.
  • [COMMAND_EXECUTION]: The skill uses execSync to run shell commands for environment configuration and dependency management, specifically for running npm or bun and the Playwright CLI to install browsers.
  • [DATA_EXFILTRATION]: The browser automation capabilities allow for programmatic navigation and data extraction from any URL. The link-checker.js example demonstrates performing network requests to arbitrary external endpoints, which could be misused for unauthorized scanning.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing untrusted web data.
    • Ingestion points: Data is extracted from web pages via lib/helpers.js (text and table extraction) and examples/link-checker.js (URL extraction).
    • Boundary markers: No delimiters or special instructions are present to differentiate untrusted web content from agent instructions.
    • Capability inventory: The skill environment possesses high-privilege capabilities including file system access and dynamic code execution via run.js.
    • Sanitization: No validation or sanitization of external web content is performed before it enters the agent's context.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 05:33 PM