The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions utilize curl commands to interact with a browser automation service running on the local host at http://localhost:8080.
[REMOTE_CODE_EXECUTION]: The /evaluate endpoint allows for the execution of arbitrary JavaScript code within the browser session, which is a powerful dynamic execution capability that could be misused if provided with malicious input.
[DATA_EXFILTRATION]: The skill has a broad data access surface, including the ability to retrieve page text, HTML content, accessibility snapshots, screenshots, and network request logs, which could lead to the exposure of sensitive user data.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from web pages while maintaining the ability to perform actions like typing, clicking, and file uploads. Ingestion points: /snapshot, /page-info, /page-text, /page-content, /console-messages, /network-requests. Boundary markers: None identified. Capability inventory: /navigate, /click, /type, /evaluate, /file-upload. Sanitization: No evidence of validation or sanitization of content extracted from web pages.

browserwing-executor