1c-web-session

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file defines a 'clipboard loader' pattern that uses (0, eval) to execute JavaScript source code read from the system clipboard. This allows for the execution of arbitrary, unverified code and bypasses static security checks.
  • [COMMAND_EXECUTION]: The skill utilizes the mcp__playwright__browser_run_code tool to execute logic that has access to Node.js system modules like fs and path. Scripts such as 1c-screenshot.js perform file system operations including directory creation and recursive file deletion.
  • [CREDENTIALS_UNSAFE]: The scripts/1c-login.js utility accepts cleartext passwords as arguments to perform automated logins. This approach exposes sensitive credentials within the agent's execution context and potentially in logs.
  • [DATA_EXFILTRATION]: The skill includes functionality to capture screenshots and extract all visible form fields (visibleFields) from the 1C interface using 1c-snapshot.js, which may contain sensitive business data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the 1C web interface (via document.querySelectorAll in 1c-snapshot.js) without sanitization or boundary markers. This data is then used in the agent's context and can influence subsequent browser_run_code calls.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 11:34 PM