yutori-browse

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Flagged categories: DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The run_browsing_task function includes a webhook_url parameter intended for completion notifications. This feature allows the skill to transmit data extracted from websites to external HTTPS endpoints. When used with the browser: "local" configuration—which grants access to the user's active desktop session and authenticated states—this creates a mechanism where sensitive information could be sent to unauthorized third-party services if the task is maliciously constructed.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external websites.
      • Ingestion points: The agent reads and interacts with content from the start_url and any pages navigated to during the execution of the task (defined in SKILL.md).
      • Boundary markers: There are no instructions or delimiters specified to prevent the agent from following malicious instructions that might be hidden within the HTML, metadata, or text of the websites being browsed.
      • Capability inventory: The agent has the ability to perform complex browser interactions, extract data, and transmit it via webhooks using the run_browsing_task tool.
      • Sanitization: The skill does not implement validation or filtering of the website content before the agent processes it for decision-making or data extraction.

Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 11, 2026, 11:16 PM