qiaomu-opencli-explorer

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for executing local development commands such as opencli explore, opencli record, and opencli generate to automate the analysis of target websites.
  • [DATA_EXFILTRATION]: The guide includes templates for handling authentication artifacts like session cookies and CSRF tokens (e.g., using credentials: 'include' in fetch calls). These are documented as necessary components for building CLI tools that interact with authenticated web services.
  • [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection as generated adapters process untrusted data from external websites. Evidence chain:
      1. Ingestion points: Web API responses and HTML processed in the evaluate step.
      2. Boundary markers: The documentation instructs the use of JSON.stringify when passing variables to browser scripts to prevent injection.
      3. Capability inventory: Use of browser_navigate, page.evaluate, and fetch within the browser context.
      4. Sanitization: The provided SDK templates include utilities like stripHtml to clean data before display.
  • [SAFE]: The skill functions as a developer utility guide. All advanced capabilities, including browser manipulation and dynamic adapter registration, are transparently presented as core features aligned with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:57 AM