The Agent Skills Directory

[COMMAND_EXECUTION]: The evaluate.js script uses the eval() function to execute arbitrary JavaScript code within the browser's page context, based on input provided through the --script parameter.
[CREDENTIALS_UNSAFE]: The inject-auth.js script handles sensitive authentication data, such as session cookies and Bearer tokens. This information is persisted in a local file (.auth-session.json) to allow session reuse across different script executions.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Ingestion points: Data is ingested from external websites via aria-snapshot.js, snapshot.js, console.js, and network.js. Boundary markers: The extracted content is returned as structured JSON but lacks specific delimiters or instructions to the LLM to ignore embedded commands. Capability inventory: The skill can perform active operations like clicking, form filling, and arbitrary JavaScript execution via click.js, fill.js, and evaluate.js. Sanitization: While lib/selector.js includes checks for XPath injection, there is no sanitization of the general page content retrieved from the browser.
[COMMAND_EXECUTION]: The install-deps.sh script executes sudo apt-get install commands to install necessary system libraries for Chromium, which requires administrative privileges.

chrome-devtools