test-browser

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several shell commands to determine the environment and test scope.
      • Executes git diff and gh pr view to identify files modified in a branch or PR.
      • Uses grep to scan package.json, CLAUDE.md, and .env files to automatically detect the local development server port.
      • Executes command -v agent-browser to check for the presence of required tooling.
  • [EXTERNAL_DOWNLOADS]: The skill manages its own dependencies by installing external software.
      • Installs the agent-browser package globally using npm install -g if it is not detected on the system.
      • Runs agent-browser install which downloads a headless Chromium binary (approximately 160MB) for browser automation.
  • [DATA_EXFILTRATION]: The skill reads local configuration and environment files (.env, .env.local, .env.development).
      • While these files often contain secrets, the skill specifically greps for the PORT= pattern to configure its testing URL, which is a common and legitimate practice for development tools.
  • [PROMPT_INJECTION]: The skill processes data from the application's UI via browser snapshots.
      • Ingestion points: Reads content from local web routes (e.g., http://localhost:3000/users) and captures interactive element snapshots using agent-browser snapshot -i (File: SKILL.md).
      • Boundary markers: None identified for browser-rendered content.
      • Capability inventory: Can execute shell commands, install NPM packages, and perform browser interactions (click, fill, type) (File: SKILL.md).
      • Sanitization: No explicit sanitization of UI content is performed before interaction. While this creates a surface for indirect prompt injection (where malicious instructions in the app UI could influence the agent), the risk is low and inherent to browser automation tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 03:33 PM