The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill correctly instructs users to manage sensitive API keys through environment variables (e.g., BROWSERBASE_API_KEY) rather than hardcoding them, adhering to security best practices.- [EXTERNAL_DOWNLOADS]: Installation instructions reference the official Browserbase CLI packages (@browserbasehq/browse-cli and @browserbasehq/cli) from the standard NPM registry.- [COMMAND_EXECUTION]: The skill executes shell commands and internal scripts using Node.js's spawn and execFileSync methods without the shell option enabled. This prevents shell-based command injection from potentially malicious input.- [PROMPT_INJECTION]: As an observability tool, the skill ingests data from external websites (CDP events, DOM content). While this creates a surface for indirect prompt injection where malicious site content could attempt to influence the agent, this is a known and accepted risk factor for browser-based automation tools and is not a flaw in the skill's implementation.

browser-trace