The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (LOW): The scripts/install-browsers.sh script executes npx playwright install to download browser binaries (Chromium, Firefox, WebKit) from Microsoft's servers. This is standard behavior for the library but involves remote binary execution on the host system.
[Data Exposure & Exfiltration] (LOW): The templates/authenticated-session.ts script stores sensitive authentication cookies in a local file named session.json. While necessary for session persistence, this plaintext storage creates a risk of session hijacking if the file is shared or if the local filesystem is not secured.
[Indirect Prompt Injection] (LOW): As a web scraping tool, the skill ingests untrusted data from external websites and returns it to the agent. It lacks sanitization or explicit boundary markers to prevent malicious instructions embedded in web content from influencing the agent's behavior. Evidence: Ingestion points in basic-scrape.ts; missing boundary markers in all templates; capability inventory includes file writes and network access; no sanitization of extracted strings.
[Dynamic Execution] (LOW): Multiple templates use page.evaluate() and page.addInitScript() to execute custom JavaScript within the browser context to manipulate the environment or handle UI interactions. While common in scraping, this represents runtime code execution based on script logic.

playwright-local