agent-browser

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Browser Interaction and Content Ingestion: The skill allows the agent to navigate websites and extract content using commands like snapshot and get text. This creates a surface for indirect prompt injection, where instructions embedded in a web page could potentially influence the agent's behavior.
      • Ingestion points: Data enters the context via agent-browser snapshot and agent-browser get text (documented in SKILL.md).
      • Boundary markers: The provided templates do not explicitly define boundary markers for untrusted web content.
      • Capability inventory: The agent has access to agent-browser capabilities including click, fill, eval, and file writes via screenshot and pdf (documented in SKILL.md).
      • Sanitization: Content sanitization is managed by the underlying browser automation framework used by the agent-browser CLI.
  • Session and State Management: The skill provides commands to save and load browser state, such as cookies and local storage (agent-browser state save/load). While this is essential for maintaining authenticated sessions, users should ensure state files containing session tokens are handled securely, as noted in the skill's documentation.
  • Dynamic JavaScript Execution: The eval command and the cursor injection techniques in references/video-recording.md involve executing JavaScript within the browser context. This is a standard pattern for advanced browser automation and DOM manipulation tasks.
  • Custom Executable and Proxy Support: The skill supports the use of custom browser executables and proxy configurations. These features are standard for browser automation tools, facilitating geo-testing and integration with corporate environments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 04:22 PM