saas-session-recon

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's fundamental design aims to bypass enterprise security governance. It explicitly instructs the agent to find methods for creating an 'invisible API proxy' to circumvent IT admin approval processes for OAuth and application installation.
  • [DATA_EXFILTRATION]: The workflow automates the extraction of high-value authentication artifacts, including HttpOnly session cookies, CSRF tokens, and localStorage/sessionStorage data. While the skill claims to mask these in final reports, the internal execution logic involves replaying full active credentials to external API endpoints.
  • [COMMAND_EXECUTION]: The skill frequently uses bun -e to execute dynamically constructed TypeScript and JavaScript code on the host machine. This code incorporates data harvested from the browser (e.g., cookie values, URL paths) and web searches, creating a high risk of command injection if the ingested data is maliciously crafted.
  • [REMOTE_CODE_EXECUTION]: Injects arbitrary JavaScript into active browser sessions via the javascript_tool. These injections are used to install network interceptors, bypass Content-Security-Policy (CSP) via extension-like behavior, and extract sensitive storage tokens directly from the page context.
  • [DATA_EXFILTRATION]: Facilitates the use of 'extracted-and-injected' authentication patterns, where session material is moved from the browser's secure cookie jar into a local process (Bun) to make API calls with manually spoofed 'Origin' headers to evade server-side validations.
  • [PROMPT_INJECTION]: Incorporates a surface for indirect prompt injection by reading and acting upon external API documentation and web page content (Phase 2.5 and Phase 3A) without boundary markers or sanitization, allowing external content to influence the construction of executed scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 08:44 PM