playwright-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The install.py script utilizes subprocess.run(shell=True) to install dependencies. Although the commands are currently hardcoded, shell execution is a sensitive operation that can be exploited if command strings are ever dynamically constructed from untrusted input.
  • EXTERNAL_DOWNLOADS (SAFE): The installation process downloads the playwright library and browser binaries from established repositories. As Playwright is maintained by Microsoft (a trusted organization), these downloads are considered low risk for this use case.
  • PROMPT_INJECTION (LOW): The skill's core functionality involves reading data from external websites, which introduces a surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: Methods like page.content(), text_content(), and page.evaluate() in SKILL.md and examples/search_example.py.
      • Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore instructions embedded in the scraped data.
      • Capability inventory: The skill allows Bash, Exec, Read, and Write operations, which significantly increases the impact if an injection attack succeeds.
      • Sanitization: No evidence of sanitization or filtering of the ingested web content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:36 PM