skills/team-attention/hoyeon/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE; flagged categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and executes @team-attention/chromux from the npm registry using the npx command to facilitate browser-mode testing. This is a vendor-owned package associated with the skill's author ('team-attention') and follows standard development practices for remote dependency usage.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its core functionality of processing untrusted data from applications-under-test.
      • Ingestion points: The skill retrieves data from external environments via accessibility trees (chromux snapshot), visual screenshots (mcp__computer-use__screenshot), and terminal screen buffers (tmux capture-pane).
      • Boundary markers: The instructions lack explicit delimiters or specific warnings to ignore instructions embedded within the data retrieved from target applications.
      • Capability inventory: The skill has access to sensitive tools including Bash (shell execution), Write/Edit (file system modification), and the ability to perform git commit operations on the local repository.
      • Sanitization: There is no evidence of sanitization or validation of the ingested application data before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 01:30 PM