browserwing-admin
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an official GPG signing key from Google's repository (dl-ssl.google.com) to verify the integrity of the Google Chrome package during installation.
- [REMOTE_CODE_EXECUTION]: Instructs the agent to download and pipe a trusted key into the system's package manager (apt-key) to facilitate prerequisite software setup.
- [COMMAND_EXECUTION]: Uses privileged sudo commands to perform administrative tasks such as updating package lists and installing system-level software dependencies.
- [DATA_EXFILTRATION]: Accesses sensitive browser session data, including cookies via the /api/v1/cookies/browser endpoint, which is required for its core functionality of managing authenticated automation sessions.
- [PROMPT_INJECTION]: Identifies a potential indirect prompt injection surface within the AI Autonomous Exploration feature, which ingests and processes untrusted content from external websites.
  1. Ingestion points: The AI exploration API accepts arbitrary starting URLs and task descriptions.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are documented.
  3. Capability inventory: The skill can control browser instances, execute automation scripts, and interact with the local API.
  4. Sanitization: No specific sanitization or filtering of external web content is described.