chrome-form-filler
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements strong security boundaries by explicitly blocking sensitive fields such as passwords and credit card information from automation, requiring manual user entry instead as defined in the `SKILL.md` guidelines.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes data from external web pages.
  - Ingestion points: Accessibility tree data from web pages is read via `read_page` and `find` tools (see `SKILL.md`).
  - Boundary markers: No explicit delimiters are used to wrap ingested page content to prevent the agent from following instructions found on the page.
  - Capability inventory: The skill can interact with the browser using `form_input`, `computer`, and `screenshot` actions.
  - Sanitization: Input validation is handled via the `validate_form.py` script for specific data formats like email and phone, but general sanitization of the accessibility tree content is not implemented.

  This finding is assessed as safe given the skill's primary focus on user-approved form filling and strict rules against processing sensitive data.
Audit Metadata