autobrowse-agent-browser

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The harness script scripts/evaluate.mjs uses execFileSync to run shell commands. By default, it invokes npx acpx with the --approve-all flag, which grants the delegated AI agent full permission to execute arbitrary commands in the local shell environment without manual oversight.
  • [EXTERNAL_DOWNLOADS]: The skill setup requires downloading external dependencies from the NPM registry, specifically the acpx and agent-browser packages. Additionally, agent-browser install triggers the download of browser runtimes (e.g., Chromium) from remote servers.
  • [REMOTE_CODE_EXECUTION]: The evaluate.mjs script facilitates the execution of code via a delegated agent model through acpx exec. This execution environment is dynamic and influenced by a prompt that incorporates content from external websites and local task configuration files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing untrusted web data with a high-privilege agent.
    • Ingestion points: task.md, strategy.md, and live web content accessed via agent-browser.
    • Boundary markers: The prompt in evaluate.mjs uses Markdown headers to separate instructions from data but lacks explicit negative constraints to ignore instructions embedded in the ingested content.
    • Capability inventory: The delegated agent can execute shell commands via acpx, write local files for traces/screenshots, and perform network requests via agent-browser.
    • Sanitization: There is no evidence of content sanitization or filtering for the data fetched from the web before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 10:43 AM