The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands for browser navigation using file paths and routes derived from local git repository data (Step 3 and Step 4). This creates a risk of command injection if the repository contains maliciously named files or branch names designed to break out of the command string (e.g., using shell metacharacters like ; or &).\n- [DATA_EXFILTRATION]: The skill attempts to read local environment files (.env, .env.local, and .env.development) to identify the development server port (Step 5). While the grep pattern is specific to the PORT variable, accessing environment files is a high-risk activity as they frequently contain sensitive credentials and secrets.\n- [EXTERNAL_DOWNLOADS]: The skill performs a global installation of the agent-browser package from the npm registry and executes a secondary installation command (agent-browser install) which typically downloads external browser binaries or dependencies.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from git diffs and pull request metadata (Step 3). It lacks boundary markers or sanitization for this content (Sanitization: Absent) while possessing significant capabilities including shell execution and browser control (Capability inventory), although the risk is mitigated by human verification steps in Step 8.

test-browser