skills/garrytan/gstack/browse/Gen Agent Trust Hub

browse

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill setup script downloads a Bun installation script from 'https://bun.sh/install'. This is a standard installation procedure for a well-known development tool. Before executing the downloaded file, the setup script verifies its SHA256 checksum ('actual_sha=$(shasum -a 256 "$tmpfile" | awk '{print $1}')') to ensure the integrity of the downloaded code.
  • [COMMAND_EXECUTION]: The skill's preamble and setup routines use the Bash tool to manage its environment, build the browser binary, and handle telemetry. These commands utilize absolute paths and are integrated into the skill's operational workflow for task management and system diagnostics.
  • [DATA_EXFILTRATION]: The skill implements significant safeguards against exfiltration. It includes modules specifically for redacting sensitive query parameters, headers, and form values (e.g., 'password', 'token', 'secret'). The URL validation logic explicitly blocks requests to cloud metadata services (e.g., 169.254.169.254) and internal ULA address ranges to prevent SSRF-based data theft.
  • [PROMPT_INJECTION]: Multiple files contain prompt injection patterns (e.g., 'IGNORE ALL PREVIOUS INSTRUCTIONS'), but these are located within test fixtures or documentation explaining security boundaries. The skill employs a sophisticated 'ensemble' defense strategy, combining deterministic filters (stripping hidden elements) and ML-based classifiers to detect and mitigate injection attempts from external web content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 01:07 AM