skills/eze-is/eze-skills/daily-news/Gen Agent Trust Hub

daily-news

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The 'LOGIN_GUIDE.md' file instructs users to compress and transfer their entire browser profile directory (~/.agent-browser/main) to remote servers using scp. These profiles contain session cookies and authentication tokens. Facilitating the movement of session data to remote environments poses a high risk of account hijacking.
  • Remote Code Execution (MEDIUM): The 'browser-smart.md' method uses 'mcp__browsermcp__browser_evaluate_script' to execute arbitrary JavaScript within the browser context. This capability could be abused if the agent is directed to a malicious webpage.
  • Indirect Prompt Injection (LOW): The 'summary.md' prompt processes external content from news sites and RSS feeds. The skill lacks robust sanitization or specific boundary markers to prevent embedded instructions within the fetched data from influencing the agent's behavior.
      • Ingestion points: Data enters the system via 'rss.py' (XML feeds), 'WebFetch' (HTML), and 'browser_snapshot' (Accessibility Trees).
      • Boundary markers: The prompts use Markdown headers for structure but do not include explicit 'ignore embedded instructions' directives.
      • Capability inventory: The agent can write to local SQLite databases and create static files via the 'build.py' script mentioned in README.
      • Sanitization: No explicit sanitization of text content from external sources is performed before it is interpolated into LLM prompts.
  • External Downloads (LOW): The skill requires the installation of 'feedparser' (Python) and 'agent-browser' (Node.js) to function as intended.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM