webapp-testing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the playwright Python package and the Chromium browser binary. Since these are maintained by a trusted organization (Microsoft), the severity is downgraded from MEDIUM to LOW per the [TRUST-SCOPE-RULE].
  • [DATA_EXFILTRATION] (LOW): The script scripts/playwright_runner.py performs outbound network operations to fetch data from arbitrary, user-provided URLs. While this is necessary for its purpose, it constitutes a potential vector for data exposure to non-whitelisted domains.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8):
      • Ingestion points: The playwright_runner.py script navigates to and parses content (titles, links, H1 tags) from external websites.
      • Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore commands found within the fetched web content.
      • Capability inventory: The skill allows powerful system tools including Bash, Write, and Edit, which could be exploited if an agent obeys instructions embedded in a malicious website.
      • Sanitization: None. The script returns raw content from the external pages directly to the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:45 PM