agent-browser

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an extensive set of tools via the agent-browser CLI for controlling web browsers, including navigation, form filling, and UI interaction.
  • [REMOTE_CODE_EXECUTION]: The eval command executes arbitrary JavaScript code within the browser context. It supports a --base64 (-b) flag for passing encoded scripts, which is intended to avoid shell-escaping issues but can also obfuscate the code being executed.
  • [DATA_EXFILTRATION]: The skill can capture page content, screenshots, and PDFs. With the --allow-file-access flag, the tool can read local files from the filesystem using file:// URLs, potentially exposing sensitive local data.
  • [CREDENTIALS_UNSAFE]: The state save and auth save commands persist browser sessions, including cookies and local storage tokens, to the filesystem in JSON format. While the skill documentation advises against committing these files, they remain a source of sensitive data exposure on the host.
  • [PROMPT_INJECTION]: The tool is designed to process untrusted data from web pages, creating an attack surface for indirect prompt injection. The skill includes an optional AGENT_BROWSER_CONTENT_BOUNDARIES feature to help agents distinguish between tool-generated output and untrusted page content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 01:36 PM