agent-browser
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an `eval` command (agent-browser eval) which allows executing arbitrary JavaScript within the browser context. This is documented as a core feature for complex data extraction and page interaction. It supports execution via Base64 strings or stdin to ensure reliability against shell interpolation issues.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external websites.
  - Ingestion points: Website content is ingested via `snapshot`, `get text`, `screenshot`, and `pdf` commands across all script templates.
  - Boundary markers: The skill provides an optional `AGENT_BROWSER_CONTENT_BOUNDARIES` feature to wrap page-sourced output in markers to help the agent distinguish content from instructions.
  - Capability inventory: The tool possesses high-impact capabilities including `eval` (JS execution), `click`, `fill`, `upload`, and `network route` (interception).
  - Sanitization: The skill does not automatically sanitize or filter retrieved page content before presenting it to the agent.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data for web sessions. It includes an 'Auth Vault' (`agent-browser auth save`) for encrypted credential storage and supports saving/loading session states (cookies, localStorage) to local JSON files. Documentation contains examples with placeholder credentials and environment variable usage for secrets.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands through the `agent-browser` CLI, allowing for broad programmatic control over the browser environment.
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests using `npx agent-browser`, which fetches the tool from the npm registry.
- [DATA_EXFILTRATION]: The skill allows the agent to access the local filesystem via the `--allow-file-access` flag and `file://` URLs, enabling the reading of local files (e.g., PDFs, HTML) into the agent's context.
Audit Metadata