The Agent Skills Directory

[SAFE]: The skill instructions define a standard set of browser automation commands for interacting with web pages. These operations, such as navigation and DOM interaction, are consistent with the skill's stated purpose.
[SAFE]: Session management functionality via the state save/load commands is a legitimate feature for maintaining authentication state across browser sessions and does not involve unsafe credential handling.
[SAFE]: The skill has an inherent surface for indirect prompt injection because it retrieves and processes content from external, untrusted websites. This is documented as follows: 1. Ingestion points: The snapshot and get text commands in SKILL.md retrieve data from external web pages. 2. Boundary markers: No specific delimiters are defined to separate untrusted web content from agent instructions. 3. Capability inventory: The agent can perform complex interactions such as form submission and session state persistence. 4. Sanitization: No explicit content sanitization is described before returning data to the agent context. This surface is a normal characteristic of browser-based skills.

agent-browser