The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its browser automation and terminal monitoring features. Ingestion points: orca snapshot, orca console, orca network, and orca terminal read bring untrusted data from web pages and terminal outputs into the agent context. Boundary markers: There are no specific instructions or delimiters to help the agent ignore instructions embedded in the ingested data. Capability inventory: The agent can perform sensitive actions such as orca terminal send, orca eval, orca click, and orca exec. Sanitization: No sanitization or validation of external content is performed before processing.
[REMOTE_CODE_EXECUTION]: The skill allows the agent to execute arbitrary code within a browser context. The orca eval --expression <js> command enables the execution of JavaScript directly in the active browser page.
[COMMAND_EXECUTION]: The skill provides tools for direct interaction with the host terminal. The orca terminal send and orca terminal create --command <command> actions allow the agent to execute commands in Orca-managed terminal panes.
[CREDENTIALS_UNSAFE]: The skill provides commands that can access sensitive browser information. The orca cookie get command allows the agent to retrieve browser cookies, which may contain session tokens or other sensitive data.

orca-cli