debug-optimize-lcp
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a legitimate workflow for LCP performance debugging using industry-standard tools and methodologies.
- [COMMAND_EXECUTION]: The skill correctly uses evaluate_script to execute benign JavaScript snippets designed to extract performance metrics from the browser environment.
- [EXTERNAL_DOWNLOADS]: The skill navigates to user-provided URLs to perform performance analysis. While this involves ingesting data from external sources, it is the primary and intended function of the skill.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the agent processes content from external websites.
  - Ingestion points: External site content is ingested through the navigate_page and evaluate_script tools, specifically via DOM snippets extracted in references/lcp-snippets.md.
  - Boundary markers: There are no explicit instructions or delimiters used to separate user-provided content from the agent's instructions.
  - Capability inventory: The skill has the ability to execute scripts on the analyzed page using evaluate_script.
  - Sanitization: The extraction script captures raw DOM data (e.g., img.outerHTML), which could potentially contain malicious instructions from an attacker-controlled website.
Audit Metadata