The Agent Skills Directory

Prompt Injection (LOW): Indirect Prompt Injection surface detected. The agent interprets content from external websites which could contain malicious instructions.
Ingestion points: Screenshots and URL content of arbitrary web pages via Playwright as described in SKILL.md.
Boundary markers: No explicit prompt delimiters or 'ignore embedded instructions' warnings are provided in the references.
Capability inventory: High-impact actions including click_at, type_text_at, and key_combination are supported as listed in google-computer-use.md.
Sanitization: No sanitization or filtering of ingested web data is specified in the skill files.
External Downloads (SAFE): The skill requires the installation of standard libraries and browser binaries.
Evidence: pip install google-genai playwright and playwright install chromium.
[TRUST-SCOPE-RULE]: google-genai is a package from a trusted organization (Google).

gemini-computer-use