shopping-admin-browser-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill implements a persistent browser server that executes arbitrary Python code provided over a Unix socket. Specifically, scripts/browser_server.py in the execute_command function (lines 115-132) uses eval() and exec() on strings received from clients without any sanitization or sandboxing.
  • COMMAND_EXECUTION (CRITICAL): The script scripts/run_browser_ops.py (lines 75-98) accepts arbitrary strings via the -c command-line argument and executes them using eval() and exec(). This allows any user (or the AI agent itself if prompted maliciously) to run arbitrary system commands via Python's os or subprocess modules.
  • CREDENTIALS_UNSAFE (HIGH): The scripts/admin_login.py utility requires administrative credentials (username and password) to be passed as plain-text command-line arguments. This practice exposes sensitive secrets to any user on the system who can view the process list (e.g., via ps or top) and may record passwords in shell history files.
  • INDIRECT_PROMPT_INJECTION (HIGH): The skill is designed to scrape and interact with external web content (Magento Admin panels). Because it lacks input sanitization and uses highly permissive execution tools (eval/exec), it is vulnerable to indirect injection. An attacker could place malicious instructions inside a web page element (like a customer name or search term) which, when read by the agent via snapshot() and passed to the execution scripts, would result in code execution.
  • SUSPICIOUS_MALICIOUS_URL (INFO): An automated scanner flagged browser.se. Upon analysis, this appears to be a false positive caused by the scanner misinterpreting the Python method browser.select_option as a domain name.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 12:39 PM