
agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install the 'agent-browser' package globally via npm and to download Chromium binaries. These resources are hosted by or associated with Vercel Labs, which is a trusted organization.
      • Evidence: npm install -g agent-browser and agent-browser install are mentioned in SKILL.md.
  • [COMMAND_EXECUTION]: The skill includes a Python script for environment verification and instructions for system-level adjustments using elevated privileges.
      • Evidence: scripts/check_environment.py uses subprocess.run to execute version checks for Node.js, npm, and the agent-browser CLI.
      • Evidence: The troubleshooting guide in references/troubleshooting.md suggests using sudo to install Playwright system dependencies and chmod to modify permissions.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection, as it facilitates the ingestion of untrusted data from the web into the agent's context.
      • Ingestion points: The snapshot, get text, and get html commands in SKILL.md and references/commands.md allow the agent to read content from arbitrary URLs.
      • Boundary markers: The documentation does not provide specific instructions for using delimiters or warnings to ignore instructions embedded in the fetched web content.
      • Capability inventory: The agent is granted high-impact capabilities including navigation, form submission (fill, click), and file uploads (upload).
      • Sanitization: There is no evidence of sanitization or validation performed on the web content before it is passed to the AI agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 07:21 AM