agent-browser

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an eval command that lets the agent execute arbitrary JavaScript in the browser context. Scripts can be passed via standard input or as Base64-encoded strings using the -b or --base64 flags; a Base64 script body is not readable in a command log without first decoding it.
  • [DATA_EXFILTRATION]: The agent-browser open command supports the file:// protocol and includes an --allow-file-access flag, so the agent can load local files from the host filesystem into the browser and carry their contents onward in its context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is processing content from external websites.
    • Ingestion points: Data enters the agent's context from any URL via the open and snapshot commands, which ingest HTML structure and text content.
    • Boundary markers: The skill's templates and instructions include no boundary markers around page content and no guidance telling the agent to ignore instructions embedded in visited pages.
    • Capability inventory: The agent can perform high-privilege browser actions, including clicking buttons, filling forms, executing JavaScript, and saving session state, so an injected instruction has real actions available to it.
    • Sanitization: There is no evidence of content sanitization or filtering before page data is presented to the agent.
  • [CREDENTIALS_UNSAFE]: The skill provides commands for managing sensitive data, including agent-browser set credentials for HTTP basic auth and agent-browser state save, which exports session cookies and storage to a local JSON file. That file is a bearer credential: anyone who can read it can resume the saved sessions.
  • [EXTERNAL_DOWNLOADS]: The documentation for iOS mobile automation requires manually installing the appium package and its drivers via the npm package manager.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 11:22 AM