browser-cloud
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions in SKILL.md that direct the agent to autonomously run package managers such as npm, yarn, or pnpm to install the @testmuai/browser-cloud SDK if it is not already present in the user workspace.
- [COMMAND_EXECUTION]: The CrewAI integration implementation (references/integrations/crewai.md) uses subprocess.run to execute a Node.js bridge script from Python, exposing the entire environment to the subprocess.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading vendor-specific packages from public registries. Per [TRUST-SCOPE-RULE], these are documented neutrally as vendor resources.
- [CREDENTIALS_UNSAFE]: The auth-persistence pattern described in references/patterns/auth-profile.md stores session cookies in plain text within a local .profiles/ directory, though it includes a warning to exclude this directory from version control.
- [DATA_EXFILTRATION]: The skill provides patterns for reading and writing local files to the filesystem to support file uploads and downloads through the cloud browser (references/patterns/files.md).
- [PROMPT_INJECTION]: The skill ingests untrusted content from the web and returns it to the agent, creating a surface for indirect prompt injection.
  - Ingestion points: Functions like scrape, navigate, and browse_url in SKILL.md and examples/scrape-agent.ts.
  - Boundary markers: Absent. The skill does not wrap fetched web content in delimiters or provide safety instructions for the agent to ignore embedded instructions.
  - Capability inventory: The skill allows filesystem access, network communication via cloud browsers, and shell command execution.
  - Sanitization: Absent. Content is passed to the agent as raw text or markdown with only character slicing, without escaping or filtering.
Audit Metadata