skills/module-federation/core/mf/Gen Agent Trust Hub

mf

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: Accesses and duplicates sensitive local data. The skill instructions in reference/browser-debug/setup.md guide the agent to perform an incremental sync (rsync) of the user's primary Google Chrome profile located at ~/Library/Application Support/Google/Chrome to a new debug directory. This profile contains sensitive information including session cookies, browsing history, and saved credentials. While the stated goal is to facilitate debugging of authenticated modules, the scope of data access is excessive.
  • [COMMAND_EXECUTION]: Executes shell commands and scripts. The skill utilizes the Bash tool to run several internal utility scripts (browser-capture.mjs, config-exposes-check.js, etc.), execute curl for port connectivity checks on localhost:9222, and invoke package managers like pnpm or npm for dependency installation and project modification.
  • [EXTERNAL_DOWNLOADS]: Interacts with external network resources. The skill fetches documentation from module-federation.io and manifest data from unpkg.com. It also directs the installation of multiple Node.js packages from the official NPM registry, primarily under the @module-federation and @typescript scopes.
  • [REMOTE_CODE_EXECUTION]: Potential for indirect execution of instructions from external content. In reference/docs.md, the skill fetches and processes a documentation index (llms.txt) and specific pages from an external web server. It also captures and analyzes runtime variables and logs from user-provided URLs in scripts/browser-capture.mjs, which introduces a surface for indirect prompt injection (Category 8).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 27, 2026, 10:50 AM