The Agent Skills Directory

[Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes content from external websites.\n- Ingestion points: browser_navigate, browser_snapshot, and browser_console_messages in SKILL.md bring external data into the agent's context.\n- Boundary markers: Absent; there are no instructions to ignore embedded commands in the web data.\n- Capability inventory: High; the skill uses Playwright tools for navigation, interaction, and debugging.\n- Sanitization: Absent; web content is processed without filtering.\n- [External Downloads] (SAFE): The browser_install tool is used for standard Playwright environment setup.

eyes