The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The skill automates dependency installation via npm install within the setup.sh script and utilizes curl for real-time caption logging. These operations execute code or network requests based on instructions in the skill folder.
EXTERNAL_DOWNLOADS (MEDIUM): Installation triggers the download of multiple Node.js packages. Specifically, the ffmpeg-static dependency downloads a pre-compiled binary during its installation phase.
DATA_EXFILTRATION (LOW): The Chrome extension requests <all_urls> and tabs permissions to capture screenshots via captureVisibleTab. Although frames are sent to a local server (localhost:9234), this mechanism provides the agent with the capability to observe and capture sensitive information on any webpage the user visits.
PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted browser data. 1. Ingestion points: service-worker.js retrieves tab titles and URLs via chrome.tabs.query. 2. Boundary markers: None are defined for the metadata passed to the bridge server. 3. Capability inventory: The architecture involves file-system writes (frames) and subprocess execution (FFmpeg). 4. Sanitization: No sanitization or validation of browser-sourced strings is performed before processing.

record-screen