playwright-cli

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a custom binary playwright-cli via Bash to perform browser automation tasks. It provides a wide array of subcommands for navigating, interacting with, and inspecting web pages.
  • [REMOTE_CODE_EXECUTION]: The skill includes the run-code and eval commands which allow for the execution of arbitrary JavaScript and Node.js code within the browser or automation context. This capability is a powerful feature but represents a high-risk vector for executing logic that could bypass standard security boundaries if the agent is misled.
  • [DATA_EXFILTRATION]: The skill provides tools for exporting sensitive session data, including cookies and localStorage, through the cookie-list and state-save commands. Additionally, tracing and video recording features can capture detailed snapshots of user interactions and network traffic, which may contain sensitive information.
  • [PROMPT_INJECTION]: The skill's primary function is to ingest and act upon data from external, untrusted websites, making it susceptible to indirect prompt injection. Malicious instructions embedded in web page content (e.g., in metadata, hidden elements, or DOM snapshots) could attempt to manipulate the agent into misusing its capabilities.
      • Ingestion points: Browser snapshots, element text contents, and information returned from the eval or run-code commands.
      • Boundary markers: None are specified in the provided instructions; the agent is expected to rely on element references provided in snapshots.
      • Capability inventory: Full browser control, arbitrary code execution via run-code, filesystem access for state saving and profiles, and network routing manipulation.
      • Sanitization: There is no evidence of sanitization or validation of data retrieved from external web pages before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 03:18 PM