The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies entirely on the agent-browser CLI tool to perform browser actions, including element interaction, navigation, and state management.
[EXTERNAL_DOWNLOADS]: Includes commands to install external dependencies and binaries, specifically Chromium via agent-browser install and recommendations for installing Appium via npm for mobile automation.
[DATA_EXFILTRATION]: The tool supports the --allow-file-access flag, enabling the browser to open local files (e.g., file:///path/to/file). This presents a risk of sensitive data exposure if an agent is tricked into reading system files or configuration data. Additionally, state save exports session cookies and authentication tokens to local files.
[PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection.
Ingestion points: Content is ingested from any URL provided to agent-browser open and subsequently read via snapshot or get text commands.
Boundary markers: None. Web content is returned directly to the agent's context.
Capability inventory: The skill allows for file system access, network request interception/routing, and browser-side script execution.
Sanitization: There is no evidence of sanitization or filtering of the content retrieved from websites before it is processed by the agent.
[REMOTE_CODE_EXECUTION]: Provides an eval command to execute arbitrary JavaScript within the browser context. The skill documentation specifically suggests methods (like base64 encoding or stdin) to ensure complex scripts are executed without shell corruption, which can be leveraged to run sophisticated logic in the browser context.

agent-browser