playwright-in-sandbox

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it uses Playwright to browse and interact with web pages, bringing untrusted external data into the agent's context.
      • Ingestion points: Browser content retrieved via 'page.goto' and interaction scripts in SKILL.md.
      • Boundary markers: None; the skill does not instruct the agent to use delimiters or ignore instructions found on web pages.
      • Capability inventory: The agent can execute shell commands like 'npm run' and perform filesystem operations as described in SKILL.md.
      • Sanitization: None; there is no guidance on sanitizing or validating page content before processing.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run local shell commands for development and verification. Evidence includes 'echo "$PLAYWRIGHT_BROWSERS_PATH"', 'ls -al /ms-playwright', and 'npm run start' in SKILL.md. These are used for environment inspection and starting the application server.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 06:24 PM