control-ui
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes JavaScript scripts to drive browser automation via Playwright and the Chrome DevTools Protocol (CDP).
- [EXTERNAL_DOWNLOADS]: The skill references the playwright package, which may involve installation from a public registry if not already present in the environment. As Playwright is a well-known tool from a trusted vendor, this is a standard dependency.
- [DATA_EXFILTRATION]: The skill's capability to capture heap snapshots, network logs, and screenshots of UI surfaces presents a risk of sensitive data exposure (e.g., credentials in memory or headers). The risk is mitigated by the skill's focus on local environments (127.0.0.1).
- [PROMPT_INJECTION]: The skill ingests untrusted data from web pages and Electron applications during automated interactions, creating a surface for indirect prompt injection.
- Ingestion points: Web page titles, URLs, and DOM structures (SKILL.md).
- Boundary markers: None present; the agent relies on app-specific markers like data-* attributes.
- Capability inventory: JavaScript execution within the browser, file system writes for artifacts (screenshots), and browser-based network access.
- Sanitization: No sanitization or filtering of ingested DOM content is mentioned before it is processed by the agent.
Audit Metadata