playwright-cli

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes packages from the NPM registry using bunx and npx, specifically @playwright/cli and playwright. This is a standard method for utilizing these tools but involves executing code from a remote registry.
  • [REMOTE_CODE_EXECUTION]: The run-code and eval commands allow for the execution of arbitrary JavaScript within the browser context. This is a core feature for advanced web automation but represents a significant capability that could be misused if the agent processes untrusted input from a malicious website.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to interact with the Playwright CLI, manage browser processes, and handle files. This includes commands for managing sessions, taking screenshots, and running tests.
  • [DATA_EXFILTRATION]: The skill provides extensive tools for reading and modifying sensitive browser data, including cookies, localStorage, and sessionStorage. These tools include capabilities to save and load entire authentication states to disk (state-save/state-load). While intended for session persistence, these features could be used to expose or exfiltrate credentials.
  • [PROMPT_INJECTION]: The skill possesses a surface area for indirect prompt injection. It ingests untrusted data from external web pages via snapshots and evaluations while possessing high-privilege capabilities like storage access and script execution.
      • Ingestion points: Browser DOM snapshots, page evaluations, and network trace logs.
      • Boundary markers: None identified in the provided instructions.
      • Capability inventory: Arbitrary JavaScript execution (run-code, eval), credential management (state-save, cookie-get), and network interception.
      • Sanitization: No explicit sanitization of web content before processing by the agent is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:13 PM