agent-browser

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill exposes the agent-browser CLI tool, which grants the agent extensive control over a browser environment, including the ability to manipulate headers, set credentials, and upload local files.
  • [REMOTE_CODE_EXECUTION]: The agent-browser eval command permits the execution of arbitrary JavaScript within the browser's context, providing a mechanism to bypass standard UI interactions or programmatically interact with the page.
  • [DATA_EXFILTRATION]: The tool includes built-in commands to retrieve sensitive browser information, such as agent-browser cookies and agent-browser storage local, which could be used to compromise user sessions if accessed by an untrusted agent.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it processes untrusted data from the web.
      • Ingestion points: Web content is ingested through snapshot, get text, get html, and console logs.
      • Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands in the retrieved web data.
      • Capability inventory: The agent can perform a variety of actions based on the ingested content, including further navigation, form interaction, and running scripts via eval.
      • Sanitization: There is no mention of sanitization or filtering of the content retrieved from external websites before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 03:14 AM