The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the agent-browser tool within a Bash environment to perform complex browser automation tasks, including session connection, navigation, and interactive element manipulation.
[DATA_EXFILTRATION]: The skill is designed to capture and save Slack workspace data, including messages, user information, and visual snapshots (screenshots), to local files for further processing and reporting.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from an external source (Slack).
Ingestion points: Slack message content, channel names, and user data are ingested into the agent context via agent-browser snapshot and agent-browser get text commands.
Boundary markers: Absent. The instructions do not provide delimiters or specific guidance for the agent to distinguish between valid data and potential malicious instructions embedded within Slack messages.
Capability inventory: The agent has access to Bash commands and specialized browser tools (click, fill, press) that can modify the state of the Slack workspace or perform actions on behalf of the user.
Sanitization: Absent. There is no evidence of sanitization or validation of the extracted Slack content before it is processed by the agent.

slack