The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Fetches the agent-browser CLI from Vercel Labs' GitHub repository and official npm registry. Vercel Labs is a trusted organization, making this download safe.
[COMMAND_EXECUTION]: Includes an eval command that allows the execution of arbitrary JavaScript within the web browser's context. This is a standard feature for automation tools but provides a path for dynamic code execution.
[DATA_EXFILTRATION]: Provides the ability to read, save, and restore browser session states, including cookies and local storage. These commands can access sensitive authentication tokens.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection risks due to its core function of processing external web data.
Ingestion points: Untrusted content from websites is retrieved using snapshot, get, and find commands.
Boundary markers: There are no instructions or delimiters in the documentation to ensure the agent ignores malicious instructions embedded in the retrieved web content.
Capability inventory: The skill uses a Bash tool with significant capabilities, including file system access (state save, screenshot) and network navigation.
Sanitization: Web data is presented to the agent without evident filtering or sanitization of potentially malicious instructions.

agent-browser