The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is built around the agent-browser CLI, enabling extensive interaction with the host system and the web through shell commands.
[REMOTE_CODE_EXECUTION]: Provides an eval command that allows execution of arbitrary JavaScript in the browser context, supporting both plain text and Base64-encoded payloads.
[CREDENTIALS_UNSAFE]: Includes functionality to save and load browser session states, including cookies and authentication tokens, to local files like auth-state.json.
[DATA_EXFILTRATION]: Facilitates the extraction of sensitive information from web pages through commands for getting text, HTML, screenshots, and PDFs.
[PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection (Category 8) because it ingests untrusted data from websites (via snapshot and get text) and allows that data to influence agent behavior without sanitization or explicit boundary markers. 1. Ingestion points: Data from websites enters the agent context via snapshot and get text commands (SKILL.md). 2. Boundary markers: No delimiters or ignore-instructions are used for external content. 3. Capability inventory: The skill has access to Bash, JavaScript eval, and file-writing capabilities. 4. Sanitization: No sanitization is performed on the ingested web content.

agent-browser