agent-browser

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The eval command (SKILL.md) allows the execution of arbitrary JavaScript within the browser context, providing a mechanism for dynamic code execution that can bypass standard security constraints and access sensitive internal page data.
  • [DATA_EXFILTRATION]: The skill enables local file access through the open file:// protocol and the upload command (SKILL.md). When combined with the browser's networking capabilities, this creates a significant risk for the unauthorized reading and exfiltration of sensitive local files if the agent is influenced by malicious instructions.
  • [COMMAND_EXECUTION]: The --executable-path flag (SKILL.md) allows specifying an arbitrary local binary to be used as the browser, which could be exploited to execute malicious code on the host system if the agent is directed to use an unauthorized path.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted web content via snapshot and get text commands (SKILL.md). [Mandatory Evidence Chain]: Ingestion points are the snapshot and get text commands; Boundary markers are absent; Capability inventory includes eval, upload, and open commands (SKILL.md); Sanitization is absent across all provided documentation and templates.
  • [CREDENTIALS_UNSAFE]: The cookies and state save commands (SKILL.md) enable the extraction and persistence of sensitive authentication tokens. These features represent a risk of credential exposure if the resulting session state files are stored or transmitted insecurely.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:17 AM