user-testing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): Vulnerability surface identified where untrusted data from external web pages is ingested into the agent context.
      • Ingestion points: browser action=snapshot, browser action=screenshot, and browser action=console in SKILL.md.
      • Boundary markers: Absent; there are no instructions to the agent to distinguish between its own goal and instructions found on the target web pages.
      • Capability inventory: The agent can perform browser interactions (browser action=act) and execute shell commands (mkdir -p).
      • Sanitization: Absent; content from the browser is used directly to generate reports.
  • [Command Execution] (SAFE): Use of standard shell utilities like mkdir -p for directory management is expected for this skill's workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM