skills/coleam00/archon/playwright-cli/Gen Agent Trust Hub

playwright-cli

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes a run-code command that allows for the execution of arbitrary Playwright and JavaScript code within the browser context. This provides an unconstrained execution environment for scripts.
      • Evidence: playwright-cli run-code "async page => { ... }" described in references/running-code.md and references/request-mocking.md.
  • [DATA_EXFILTRATION]: Extensive commands are provided to extract sensitive browser data, including session cookies and local/session storage. These tools can be used to harvest authentication tokens or other private user information.
      • Evidence: playwright-cli cookie-list, playwright-cli cookie-get, playwright-cli state-save, and playwright-cli localstorage-list in references/storage-state.md.
  • [COMMAND_EXECUTION]: The skill utilizes a specialized CLI tool (playwright-cli) to interact with the system and web environment, enabling actions such as file uploads, downloads, and complex browser manipulations.
      • Evidence: Commands like playwright-cli open, playwright-cli upload, and playwright-cli screenshot throughout the documentation.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external web pages, which is a primary vector for indirect prompt injection. Malicious sites could provide instructions that the agent might inadvertently follow.
      • Ingestion points: Browser snapshots, page titles, and URLs.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to help it distinguish between legitimate data and embedded malicious instructions.
      • Capability inventory: The agent has high-privilege browser capabilities and script execution rights via the run-code tool.
      • Sanitization: There is no evidence of content sanitization or validation before the web data is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 11, 2026, 10:40 PM