playwright-browser

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it ingests untrusted data from external websites that the agent then processes to perform further actions.
      • Ingestion points: browser_navigate, browser_snapshot, browser_network_requests, and browser_console_messages in SKILL.md.
      • Boundary markers: Absent. The skill does not instruct the agent to ignore instructions embedded in the web content.
      • Capability inventory: High-privilege tools including browser_evaluate (JavaScript execution), browser_run_code (Playwright code execution), and CLI execution via npx.
      • Sanitization: Absent.
  • [REMOTE_CODE_EXECUTION]: The skill provides tools specifically designed to execute dynamic code within the browser or automation context. While appropriate for the skill's purpose, they are high-capability functions.
      • Evidence: browser_evaluate for running JavaScript in the page context and browser_run_code for executing Playwright snippets.
  • [COMMAND_EXECUTION]: The skill documentation includes shell commands for browser installation and test execution.
      • Evidence: npx playwright install chromium and npx playwright test in SKILL.md.
  • [CREDENTIALS_UNSAFE]: The documentation describes a workflow for saving and reusing browser authentication states.
      • Evidence: Instructions for creating and using auth-state.json to persist session cookies and tokens. If not managed correctly (e.g., if committed to version control), this could lead to credential exposure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 11:48 AM