The Agent Skills Directory

[DATA_EXFILTRATION]: The skill features a built-in mechanism to access and import session cookies from the user's local browsers (Chrome, Firefox, and Edge) via the cookies configuration option. This allows scraping scripts to access private, authenticated areas of websites using the user's active credentials.
[COMMAND_EXECUTION]: The skill's primary workflow involves executing the flyscrape command-line interface to run JavaScript files. This involves executing arbitrary code within the scraper environment and running local commands.
[COMMAND_EXECUTION]: When 'browser mode' is enabled, the tool automatically downloads and executes a Chromium binary. This involves fetching and running an external executable at runtime.
[DATA_EXFILTRATION]: The documentation and examples (e.g., references/config.md) encourage the use of custom headers, specifically demonstrating Authorization: Bearer tokens, which increases the risk of hardcoding and exposing sensitive API credentials.
[PROMPT_INJECTION]: The skill possesses a high risk of indirect prompt injection as it ingests untrusted data from the public internet and processes it for the agent.
Ingestion points: External HTML content is fetched and parsed into the doc object in all provided scripts (e.g., examples/ecommerce.js, examples/seo-audit.js).
Boundary markers: None identified; extracted data is returned to the agent without delimiters or warnings regarding embedded instructions.
Capability inventory: The skill can write files to the local system (via the download function in examples/image-downloader.js) and execute shell commands (flyscrape run).
Sanitization: No sanitization or validation is performed on the extracted content; scripts use .text() to retrieve raw strings directly from web elements.

flyscrape