web-validation

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external web pages. An attacker could embed malicious instructions in a website's HTML or console logs that the agent might follow when interpreting the validation report.
      • Ingestion points: The validate_url function in lib/web_page_validator.py captures page content, browser console logs, and network performance data from user-provided URLs.
      • Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore embedded commands within the analyzed web data.
      • Capability inventory: The skill utilizes subprocess.run, subprocess.Popen, and urllib.request for its operations, and includes functionality to write files to the .claude/screenshots directory.
      • Sanitization: No sanitization or filtering logic is described for the captured browser logs or page content before they are rendered in the final report.
  • [COMMAND_EXECUTION]: The instructions frequently direct the agent to execute shell commands for environment setup, server management, and running the validator, such as python lib/web_page_validator.py http://localhost:3000 --viewport all --screenshot and pip install selenium.
  • [CREDENTIALS_UNSAFE]: The documentation includes an example AuthConfig block with hardcoded credentials: email="test@example.com" and password="TestPass123!". While intended as examples, they represent a pattern of hardcoding secrets.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the axe-core accessibility testing library from Cloudflare's well-known cdnjs.cloudflare.com domain using dynamic script injection and references ChromeDriver downloads from chromedriver.chromium.org.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 02:34 PM