The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the browse CLI tool, which the documentation recommends installing from the official npm registry (npm install -g browse).
[COMMAND_EXECUTION]: The skill's Node.js scripts (start-capture.mjs, snapshot-loop.mjs, etc.) use spawn and execFileSync to interact with the local browse CLI and system commands like node and pkill. All commands are executed with argument arrays rather than shell strings, mitigating command injection risks.
[DATA_EXFILTRATION]: The skill communicates with Browserbase (a well-known browser-as-a-service platform) to manage remote sessions and download artifacts. All network activity is directed to official endpoints and is required for the skill's primary function.
[PROMPT_INJECTION]: The skill is designed to ingest untrusted data from external websites (CDP logs, DOM snapshots). While this creates an attack surface for indirect prompt injection, it is necessary for the skill's primary purpose. 1. Ingestion points: Website data enters via browse cdp and browse get html into .o11y/ directory files. 2. Boundary markers: Captured data is stored in raw formats (NDJSON/HTML) without explicit markers to signal to the agent that the content is untrusted. 3. Capability inventory: The skill uses spawn and execFileSync to execute the browse CLI tool and performs local filesystem operations. 4. Sanitization: Log data is parsed as JSON, but the content of strings is not sanitized for potential instructions before being presented to the agent.

browser-trace