agent-browser

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface detected. The skill ingests data from external websites that could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: agent-browser snapshot and agent-browser get text commands in templates/capture-workflow.sh, templates/form-automation.sh, and references/snapshot-refs.md.
      • Boundary markers: No specific delimiters or warnings used to isolate untrusted web content from the agent's instructions.
      • Capability inventory: The skill possesses capabilities for form submission (fill, click, select), cookie/session management (state save/load), and file system operations (screenshot, pdf, rm).
      • Sanitization: No evidence of sanitization or validation of the text/HTML extracted from target pages.
  • CREDENTIALS_UNSAFE (LOW): Reference files and templates contain hardcoded placeholder credentials and patterns that encourage storing secrets in environment variables or configuration files.
      • Evidence: references/authentication.md includes hardcoded dummy credentials like "password123". references/proxy-support.md demonstrates patterns for including credentials directly in proxy URLs.
  • SAFE (INFO): The documentation includes security best practices, such as using .gitignore to prevent session state files (which contain tokens) from being committed to version control.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM