skills/azmym/agent-skills/slack/Gen Agent Trust Hub

slack

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initiates external downloads to set up its environment, specifically using npm to install playwright-chromium and npx to download the Chromium browser binary. It also employs uvx to fetch and execute the pycookiecheat package at runtime for token extraction.
  • [DATA_EXFILTRATION]: The slack-token-refresh.sh script accesses sensitive local information by using lsof to find and read the Google Chrome Cookies database. Additionally, it uses AppleScript to peek into open browser tabs and extract localStorage data (including authentication tokens) from app.slack.com sessions.
  • [REMOTE_CODE_EXECUTION]: The playwright-bridge.js script provides an execution surface via page.evaluate(), allowing the agent to run arbitrary JavaScript in a browser context. The slack-api.sh script dynamically constructs these JavaScript strings using shell variable interpolation, which creates a significant dynamic code execution path.
  • [COMMAND_EXECUTION]: The skill uses several bash scripts to perform system-level tasks, such as managing session files in ~/.agents/config/slack, executing osascript for browser interaction, and using curl to transmit data to Slack's API endpoints.
  • [PROMPT_INJECTION]: The skill is designed to retrieve and process untrusted data from Slack messages, threads, and search results. It lacks explicit boundary markers or sanitization logic to prevent the agent from inadvertently executing instructions that might be embedded within Slack message content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 04:07 PM