agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an interface to the agent-browser CLI, allowing for extensive browser automation. This includes the ability to execute arbitrary JavaScript within the browser context using the eval command and perform multi-step workflows using batch execution.
  • [DATA_EXFILTRATION]: Supports interaction with local system files via the file:// protocol when the --allow-file-access flag is explicitly provided. This capability allows the agent to read and process local documents within the browser environment.
  • [DATA_EXFILTRATION]: By default, browser session state files (e.g., auth.json) store sensitive authentication tokens and cookies in plaintext. The skill provides instructions for using the AGENT_BROWSER_ENCRYPTION_KEY environment variable to secure these files at rest.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites.
    • Ingestion points: Web content is brought into the agent's context through snapshot, get text, and screenshot --annotate commands, as described in SKILL.md and references/snapshot-refs.md.
    • Boundary markers: The skill supports an optional AGENT_BROWSER_CONTENT_BOUNDARIES feature that wraps page content in nonces to help the agent distinguish it from system instructions.
    • Capability inventory: The skill possesses powerful capabilities including arbitrary navigation, form interaction, and network request routing, as detailed in references/commands.md.
    • Sanitization: Provides optional security controls such as domain allowlists (AGENT_BROWSER_ALLOWED_DOMAINS) and action policies to restrict the agent's operations.
  • [COMMAND_EXECUTION]: Automatically manages background daemon processes for session persistence and can initiate WebSocket stream servers on local ports for live session monitoring.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 03:31 PM