playwright-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Threat tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • Dynamic Execution (HIGH): The playwright-cli run-code and playwright-cli eval commands allow for the execution of arbitrary JavaScript and Playwright code. This is a high-risk capability that could be exploited to perform complex malicious actions if the agent is influenced by malicious input.
  • Data Exposure & Exfiltration (HIGH): The skill includes commands like state-save, cookie-list, and screenshot which can be used to extract sensitive authentication tokens and session data. The upload command also allows the agent to read local files.
  • Indirect Prompt Injection (LOW): The skill is designed to interact with untrusted web content, which serves as a major ingestion point for malicious instructions.
    1. Ingestion points: Web pages visited via open or goto (SKILL.md).
    2. Boundary markers: Absent; no sanitization or ignore-instructions are present.
    3. Capability inventory: Arbitrary JS execution (run-code), file writes (state-save), and file reads (upload) across multiple scripts (SKILL.md, references/running-code.md).
    4. Sanitization: Absent.
  • External Downloads (MEDIUM): The install-browser command (SKILL.md) downloads and installs binary browser components from external sources, which is a significant but often necessary dependency for browser automation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:46 PM