skills/jezweb/claude-skills/ux-audit/Gen Agent Trust Hub

ux-audit

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses playwright-cli and specialized MCP tools like mcp__claude-in-chrome__javascript_tool and mcp__plugin_playwright_playwright__browser_run_code to automate browser actions. These tools allow the agent to click elements, fill forms, and execute script logic within the browser context to perform functional testing.
  • [DATA_EXPOSURE]: Through the Chrome MCP, the skill accesses the user's active browser session. This includes existing cookies and OAuth states, allowing the agent to audit applications where the user is already authenticated. This is a powerful data access point but is central to the skill's requirement for testing authenticated user journeys.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it reads untrusted data from external websites and has the capability to perform actions based on that content.
      • Ingestion points: Data enters the context via mcp__claude-in-chrome__read_page and mcp__plugin_playwright_playwright__browser_snapshot (SKILL.md, references/browser-tools.md).
      • Boundary markers: Absent; there are no specific markers or instructions to isolate retrieved web content from the agent's command logic.
      • Capability inventory: The skill can navigate the browser, interact with UI elements, execute JavaScript, and write report files to the local docs/ directory.
      • Sanitization: There is no mention of sanitizing or filtering retrieved HTML or text content before evaluation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 09:21 AM