webapp-testing

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains explicit instructions to the agent to avoid reading the source code of the provided scripts (e.g., "DO NOT read the source until you try running the script first"). This is a suspicious pattern designed to bypass the agent's internal security inspection and oversight capabilities, potentially hiding malicious behavior in the scripts.
  • [COMMAND_EXECUTION]: The scripts/with_server.py utility facilitates the execution of arbitrary shell commands provided via CLI arguments. It uses subprocess.Popen(..., shell=True), which is a high-risk pattern that allows for arbitrary command injection or execution of malicious logic if the agent follows the instructions to run scripts without inspection.
  • [DATA_EXFILTRATION]: The skill utilizes the Playwright library for browser automation. While the examples focus on localhost, the tool maintains full network access and can be used to capture sensitive local data (e.g., via screenshots or console logs as seen in examples/console_logging.py) and transmit it to external domains if prompted to do so.
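The COMMAND_EXECUTION finding above turns on the difference between passing a command string to `subprocess` with `shell=True` and passing an argv list without a shell. The following is an added illustration of that difference, written for this page; it is not code from the audited skill or from scripts/with_server.py, whose exact argument handling is not shown here. It assumes a POSIX /bin/sh (the verifier's Linux environment), a constructed command string in which `; echo INJECTED` stands in for attacker-controlled input, and a hypothetical allowlist of permitted programs as one possible mitigation.

```python
import shlex
import shutil
import subprocess

# Constructed sample input: a command string of the kind a CLI wrapper
# might forward verbatim. Everything after "hello" is the attacker's part.
CONSTRUCTED_INPUT = "echo hello; echo INJECTED"

# Hypothetical allowlist of programs the wrapper is willing to launch.
ALLOWED_PROGRAMS = frozenset({"echo", "python3", "node"})


def run_with_shell(cmd: str) -> str:
    """Vulnerable pattern: shell=True hands the whole string to /bin/sh,
    so ';', '&&', '|' and '$(...)' in the argument become extra commands."""
    completed = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return completed.stdout


def run_without_shell(cmd: str) -> str:
    """Hardened pattern: tokenize with shlex and exec the argv directly.
    No shell is involved, so "hello;" is just a literal argument to echo."""
    argv = shlex.split(cmd)
    completed = subprocess.run(argv, capture_output=True, text=True)
    return completed.stdout


def run_allowlisted(cmd: str) -> str:
    """Hardened pattern plus a program allowlist: reject anything whose
    first token is not a known, resolvable program before launching it."""
    argv = shlex.split(cmd)
    if not argv:
        raise ValueError("empty command")
    program = argv[0]
    if program not in ALLOWED_PROGRAMS:
        raise ValueError(f"program not allowed: {program!r}")
    resolved = shutil.which(program)
    if resolved is None:
        raise ValueError(f"program not found on PATH: {program!r}")
    completed = subprocess.run([resolved, *argv[1:]], capture_output=True, text=True)
    return completed.stdout


if __name__ == "__main__":
    # The shell form runs two commands; the argv form runs one with a literal ';'.
    print("shell=True  ->", repr(run_with_shell(CONSTRUCTED_INPUT)))
    print("argv list   ->", repr(run_without_shell(CONSTRUCTED_INPUT)))
    try:
        run_allowlisted("curl http://example.invalid")
    except ValueError as exc:
        print("allowlist   ->", exc)
```

The shell form prints `hello` and `INJECTED` on separate lines because `/bin/sh` parsed the `;`, whereas the argv form prints the single line `hello; echo INJECTED`. Splitting with `shlex.split` removes the shell from the picture but does not by itself constrain which program runs; that is what the allowlist adds. Note that `shell=True` on Windows invokes cmd.exe rather than /bin/sh, so the injected syntax differs there but the underlying risk is the same.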
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 08:01 PM