The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/start-server.ts file uses execSync to execute shell commands like lsof, kill, netstat, and taskkill. These commands are used to find and terminate processes running on specific network ports (9224 and 9225) to ensure a clean startup environment.- [EXTERNAL_DOWNLOADS]: The skill uses rebrowser-playwright, an unofficial fork of the Playwright library designed to bypass bot detection mechanisms. This introduces a supply-chain risk as the dependency is not from the official vendor.- [EXTERNAL_DOWNLOADS]: The scripts/start-server.ts file automatically triggers browser binary downloads using npx playwright install chromium if the required browser is not found locally.- [REMOTE_CODE_EXECUTION]: The tools browser_evaluate, browser_script, and browser_batch_actions allow the agent to execute arbitrary JavaScript code within the context of a web page. While intended for automation, this allows the agent to run code that interacts with the browser's DOM and potentially external APIs.- [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
Ingestion points: Untrusted data enters the agent context through browser_snapshot, browser_get_text, and browser_evaluate which read content from external websites.
Boundary markers: There are no explicit boundary markers or instructions in the code to treat scraped content as untrusted data.
Capability inventory: The skill has significant capabilities including process management via execSync and the ability to perform network requests from the browser.
Sanitization: There is no evidence of sanitization or filtering of the content retrieved from web pages before it is returned to the agent.

dev-browser