Playwright Browser Automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): In run.js, the skill captures input from process.argv or stdin, writes this content directly to a file (.temp-execution-[timestamp].js), and executes it via require(tempFile). This pattern allows any string provided to the skill to be executed as full-privilege Node.js code. This is a classic 'Script generation + execution' attack vector.
      • Evidence: run.js lines 156-160 (fs.writeFileSync(tempFile, code, 'utf8'); and require(tempFile);).
  • Indirect Prompt Injection (HIGH): The skill creates a high-capability execution surface (browser automation + local system access) that processes untrusted data without boundary markers or sanitization. If an agent is instructed to perform tasks based on content from an attacker-controlled source, that content could contain malicious code that this skill would execute without validation.
      • Ingestion points: run.js functions getCodeToExecute and wrapCodeIfNeeded.
      • Capability inventory: Full filesystem and network access via Node.js; full browser control via Playwright.
      • Sanitization: None detected.
  • EXTERNAL_DOWNLOADS (MEDIUM): The installPlaywright function in run.js automatically executes npm install and npx playwright install if the dependency is missing. This involves downloading and executing third-party code and binaries at runtime.
      • Evidence: run.js lines 42-43.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:45 AM