visual-evidence

Fail

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses sudo apt-get install to acquire administrative privileges and install system packages (ffmpeg).
  • [COMMAND_EXECUTION]: The record.mjs script executes shell commands via child_process.execSync using the output variable derived directly from command-line arguments, creating a potential command injection vector.
  • [EXTERNAL_DOWNLOADS]: Downloads the playwright package and associated browser binaries from the NPM registry and Playwright's official distribution channels at runtime.
  • [DATA_EXFILTRATION]: Automatically captures browser screenshots and video recordings of web applications (including those running on localhost) and uploads them to Amazon S3 with public-read permissions (--acl public-read), which may inadvertently expose sensitive UI data or configuration details.
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data from the actions argument in record.mjs without sanitization or boundary markers (Ingestion points: SKILL.md; Boundary markers: Absent; Capability inventory: child_process.execSync, page.click, page.fill, page.screenshot; Sanitization: Absent), which could be exploited via indirect prompt injection to manipulate browser interactions or exfiltrate data from the page being recorded.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 14, 2026, 09:36 PM