The Agent Skills Directory

[DATA_EXFILTRATION]: The skill operates using existing Chrome login sessions, providing the agent with access to authenticated data, cookies, and sensitive personal information within the browser environment.
[DATA_EXFILTRATION]: The opencli browser network command enables the agent to inspect captured API requests and response bodies, which may include sensitive authentication headers or private data.
[REMOTE_CODE_EXECUTION]: The skill includes a workflow to generate (init) and execute (verify) TypeScript adapters stored in the local filesystem (~/.opencli/clis/), which constitutes a dynamic code execution pattern.
[COMMAND_EXECUTION]: The opencli browser eval command allows for the execution of arbitrary JavaScript code within the context of the active web page.
[COMMAND_EXECUTION]: The skill relies on the execution of the opencli command-line utility via the Bash tool to perform its primary functions.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'OpenCLI Browser Bridge' Chrome extension and the opencli daemon as external prerequisites.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted content from web pages that could contain malicious instructions.
Ingestion points: Web page content retrieved via state, get html, eval, and network commands.
Boundary markers: No explicit markers or instructions are provided to the agent to treat page content as untrusted data.
Capability inventory: The skill possesses filesystem access (Read, Edit, Write), network interaction through the browser, and shell command execution via the opencli tool.
Sanitization: There is no evidence of sanitization or validation performed on the data ingested from external websites.

qiaomu-opencli-browser