chrome-cdp

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script uses child_process.spawn to instantiate its own code as a background daemon process, ensuring persistent connectivity to browser tabs outside the primary execution thread.
  • [REMOTE_CODE_EXECUTION]: The skill provides eval and evalraw commands that execute arbitrary JavaScript or raw protocol methods directly within the browser context, bypassing standard sandbox constraints.
  • [REMOTE_CODE_EXECUTION]: Commands such as click, html, and loadall dynamically construct JavaScript strings at runtime for execution through the Chrome DevTools Protocol's evaluation functionality.
  • [DATA_EXFILTRATION]: The skill accesses sensitive browser artifacts including page HTML, accessibility tree snapshots, and viewport screenshots. It also reads the local DevToolsActivePort file (e.g., in User Data directories) to obtain debugging session tokens.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: accessibility snapshots (snap), HTML extraction (html), and JavaScript execution (eval).
      2. Boundary markers: No delimiters or ignore-instructions warnings are present.
      3. Capability inventory: Navigation, arbitrary JS execution, and file system writes (screenshots).
      4. Sanitization: No filtering is performed on ingested web content before it enters the agent context.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 16, 2026, 01:48 PM