playwright-cli

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation suggests using npx playwright-cli as a fallback for local installation, which involves downloading and executing packages from the public NPM registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The use of npx constitutes remote code execution from an external registry. Furthermore, the skill provides a run-code command designed to execute arbitrary Playwright and Node.js code passed as a string argument.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands through the playwright-cli binary. It includes an eval command that executes arbitrary JavaScript within the context of the active web page.
  • [DATA_EXFILTRATION]: The skill provides numerous commands to access sensitive user data within the browser, including cookie-get, cookie-list, localstorage-get, and sessionstorage-get. It also provides instructions for reading the system clipboard via run-code (navigator.clipboard.readText()).
  • [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection. It navigates to and extracts data from external websites (via goto, open, and snapshot) and has powerful capabilities (file writes, network access, code execution). There are no mentioned boundary markers or sanitization steps to prevent malicious web content from influencing the agent's behavior through the snapshots provided.
      • Ingestion points: Browser navigation and snapshots of web page content (SKILL.md).
      • Boundary markers: Absent; snapshots are provided to the agent without explicit instructions to ignore embedded commands.
      • Capability inventory: File system writes (screenshot, pdf, state-save, video-stop), arbitrary JS execution (eval, run-code), and network operations via the browser.
      • Sanitization: Absent; the skill does not appear to filter or sanitize the DOM content before presenting snapshots to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 12:09 AM