The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides a CLI for browser automation, including an eval command for executing JavaScript in the browser context. It supports Base64-encoded scripts (eval -b) to prevent shell character corruption during prompt interpolation.
[EXTERNAL_DOWNLOADS]: The skill utilizes npx to execute the agent-browser utility, which involves fetching the package from the npm registry if not already present in the environment.
[PROMPT_INJECTION]: As the tool processes untrusted web content (via snapshot, get text, and console), it is vulnerable to indirect prompt injection where malicious instructions on a webpage could influence the agent. The skill explicitly provides and recommends the AGENT_BROWSER_CONTENT_BOUNDARIES feature to mitigate this risk by wrapping output in verifiable markers.
[COMMAND_EXECUTION]: Support for the file:// protocol allows the agent to read local files if the --allow-file-access flag is explicitly enabled, creating a potential path for local data exposure if misused.
[DATA_EXFILTRATION]: The tool can save browser session states (including cookies and local storage) to JSON files. While these are plaintext by default, the skill documentation provides instructions for encrypting these files at rest using AGENT_BROWSER_ENCRYPTION_KEY.

agent-browser