The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The scripts/install.sh script downloads the Lightpanda browser binary from its official GitHub repository (lightpanda-io/browser).
[COMMAND_EXECUTION]: The installation script utilizes standard system utilities like curl, jq, and sha256sum to manage the installation and verification of the browser binary. The skill subsequently executes the lightpanda binary to provide headless browsing capabilities.
[REMOTE_CODE_EXECUTION]: The skill facilitates the download and execution of a remote binary. Security is maintained through explicit integrity verification, where the script compares the downloaded file's SHA256 checksum with the expected digest retrieved from the GitHub Release API.
[PROMPT_INJECTION]: The skill processes external web content which introduces a potential surface for indirect prompt injection.
Ingestion points: The browser navigates to and reads arbitrary URLs via page.goto() as seen in the usage examples in SKILL.md.
Boundary markers: No explicit boundary markers or instructions are defined to separate untrusted web content from the agent's internal logic.
Capability inventory: The skill starts a browser server (lightpanda serve) and enables remote control through the Chrome DevTools Protocol.
Sanitization: The skill does not implement sanitization or filtering of the extracted web content before it is processed by the agent.

Lightpanda