skills/junghoonghae/skills/x-composer/Gen Agent Trust Hub

x-composer

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several system-level binaries using execFileSync in cdp-launch.js and cdp-type.js. This includes launching Google Chrome with the open command, managing the system clipboard via pbcopy, and performing GUI automation with osascript (AppleScript) to simulate keyboard shortcuts like Cmd+V. These commands allow for significant control over the host operating system.
  • [REMOTE_CODE_EXECUTION]: The SKILL.md instructions utilize the Playwright MCP browser_run_code tool. This function allows for the execution of arbitrary, unverified JavaScript snippets within a browser session to interact with web elements, which bypasses standard script safety boundaries.
  • [EXTERNAL_DOWNLOADS]: The skill requires the external NPM package chrome-remote-interface to be installed globally. This package is necessary for the skill to communicate with Chrome via the DevTools Protocol.
  • [PROMPT_INJECTION]: The skill is designed to process user-provided text for social media posts. Although the instructions explicitly forbid auto-posting and require manual confirmation, the automation pipeline remains an attack surface for indirect prompt injection if malicious input is crafted to manipulate the agent's browser automation steps.
  • [DATA_EXFILTRATION]: The scripts create and access persistent data in the user's home directory, specifically ~/.chrome-cdp-profile for browser sessions and ~/.chrome-cdp-port for port tracking. While intended for functional persistence, these locations contain sensitive browser state information.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 04:30 PM