skills/simota/agent-skills/vector/Gen Agent Trust Hub

vector

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_&_EXFILTRATION]: The skill enforces safe credential management by requiring authentication data to be sourced exclusively from environment variables. It prohibits hardcoding secrets or storing them in plain text.
  • [INDIRECT_PROMPT_INJECTION]: As a browser automation tool, the skill acknowledges the risk of indirect prompt injection from untrusted web content. It mitigates this by referencing a mandatory fetch safety protocol (_common/WEB_FETCH_SAFETY.md) and instructing the agent to pass all extracted content through injection classifiers before processing.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references industry-standard packages including playwright, playwright-extra, and puppeteer-extra-plugin-stealth for its automation and anti-detection capabilities. These are well-known libraries from the browser automation community.
  • [COMMAND_EXECUTION]: The skill utilizes legitimate MCP tools like playwright_evaluate and browser_run_code to perform its primary function of web interaction. The instructions include robust 'Ask First' and 'Never' boundaries to prevent unauthorized or destructive operations.
  • [SAFE]: The skill incorporates a 'Stealth Mode' for anti-detection, which is transparently documented with an 'Authorization Gate' requiring ToS compliance and legitimate use-case justification (e.g., accessibility testing, research).
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 10:17 AM