skyvern-browser-automation

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions expose a surface for indirect prompt injection by processing untrusted data from external websites.
    - Ingestion points: The skyvern browser extract, skyvern browser act, and skyvern browser run-task commands in SKILL.md ingest content from arbitrary web pages.
    - Boundary markers: The skill does not provide explicit delimiters or instructions to the agent to ignore embedded commands in the web content.
    - Capability inventory: The skyvern tool has extensive capabilities, including form submission, browser navigation, and workflow execution.
    - Sanitization: There is no evidence of sanitization or filtering of the external web data before it is processed by the agent.
  • [SAFE]: The skill implements strong credential safety guidelines by explicitly forbidding passwords in cleartext commands and directing users to a credential management system (skyvern credentials add).
  • [SAFE]: The skill includes instructions to minimize the impact of automated actions by requiring user confirmation for state-changing operations like purchases or form submissions.
  • [SAFE]: The skill references documentation and configuration guidelines from the Skyvern-AI GitHub repository.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 01:15 PM