The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the opencli suite of tools (e.g., opencli browser, opencli doctor) executed via the Bash tool to perform site reconnaissance, diagnostics, and adapter verification.
[DATA_EXPOSURE_AND_EXFILTRATION]: Instructions in api-discovery.md guide the agent to extract session tokens, cookies, and localStorage data from target websites. This data is used to configure adapters locally in ~/.opencli/ and the skill mandates data de-sensitization before storing response samples.
[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external websites via browser network logs and page evaluations. This creates an indirect prompt injection surface as the agent processes this data while possessing file-write and command-execution capabilities. Ingestion points: opencli browser network and opencli browser eval outputs. Boundary markers: Absent. Capability inventory: Bash, Write, Edit, Read, Grep. Sanitization: No specific instructions are provided to sanitize or escape website content before processing.
[DYNAMIC_EXECUTION]: The skill involves generating JavaScript adapter files and executing them via verification tools. It also uses page.evaluate to run custom JavaScript within the browser context for API interception and state extraction.

opencli-adapter-author