chrome-devtools

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local Node.js scripts for browser automation tasks. The installation process includes install-deps.sh, which utilizes sudo to install necessary system libraries for Chrome on Linux-based systems. Additionally, the skill's documentation explicitly guides the agent to write and execute custom JavaScript files locally for complex automation workflows.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from external websites via ARIA snapshots (aria-snapshot.js) and DOM snapshots (snapshot.js). These snapshots are processed by the agent without explicit boundary markers or sanitization, potentially allowing malicious website content (such as labels or hidden text) to influence the agent's logic or downstream actions.
  • [CREDENTIALS_UNSAFE]: The inject-auth.js script accepts sensitive authentication tokens and cookies as command-line arguments. These credentials, along with browser session data, are saved to local files (.auth-session.json and .browser-session.json), creating a risk of credential exposure if the local file system is not strictly secured.
  • [EXTERNAL_DOWNLOADS]: The install.sh script performs a standard npm install, which downloads necessary Node.js dependencies from the well-known NPM registry. While these are trusted sources, they represent external code being introduced into the environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 02:08 AM