The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Loads an external browser script from the vendor's official domain (https://app.customware.ai/support-widget/customware-chat.js) to provide the chat widget functionality.
[COMMAND_EXECUTION]: The widget supports 'Page operation,' a feature that allows the AI-backed assistant to interact with the host application's DOM (e.g., clicking buttons, filling forms, and selecting options) to perform actions on behalf of the user.
[DATA_EXFILTRATION]: The skill facilitates the transfer of visitor metadata (limited to name and email) and page context to the vendor's service to enable support functionality. It explicitly warns against including sensitive data, tokens, or secrets in the widget's attributes or the DOM content accessible to the widget.
[PROMPT_INJECTION]: The 'Page operation' capability introduces an indirect prompt injection surface where the agent processes information from the visible host page. Ingestion points: Host page content and domain context as described in SKILL.md. Boundary markers: Instructions requiring user-initiated requests and forbidding hardcoded prompts. Capability inventory: UI interaction tools (click, fill, navigate, replace, submit) via the customware-chat element. Sanitization: Guidelines on using visible controls and managing secrets as detailed in references/component-usage.md.

customware-support-widget