playwright-skill

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [DYNAMIC_EXECUTION]: The run.js script implements a pattern for executing arbitrary JavaScript code. It takes input from command-line arguments, files, or stdin, writes it to a temporary file in the skill directory (.temp-execution-*.js), and then executes it using require(). This constitutes dynamic code execution from computed paths.
  • [COMMAND_EXECUTION]: The skill's primary execution model involves the agent writing custom scripts and executing them via the run.js wrapper. This provides a direct path for the agent to execute Node.js commands, which can include shell command execution via the child_process module.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to interact with external websites and extract content using helpers like extractTexts and extractTableData.
      • Ingestion points: Data enters the agent's context through web scraping helpers in lib/helpers.js and Playwright's native page content functions.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when processing scraped content.
      • Capability inventory: The skill possesses full Node.js execution capabilities through run.js, file system access, and network access.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external websites before it is processed by the agent.
  • [DATA_EXFILTRATION]: The detectDevServers function in lib/helpers.js probes the local machine's network by attempting to connect to common development ports (e.g., 3000, 3001, 8080). While intended for automated testing setup, this capability allows for internal network discovery.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 09:51 PM