The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses a custom command-line tool bb-browser via Bash to perform browser automation tasks, such as navigating to URLs, interacting with page elements, and managing browser tabs.\n- [REMOTE_CODE_EXECUTION]: The bb-browser eval command allows for the execution of arbitrary JavaScript code within the browser context. This dynamic execution capability can be used to extract data or manipulate page logic.\n- [DATA_EXFILTRATION]: The skill is designed to leverage existing user login states to access private information from internal systems, enterprise applications, and personal accounts. This capability poses a risk of unauthorized data exposure if the agent is directed to sensitive URLs.\n- [PROMPT_INJECTION]: The skill processes untrusted content from arbitrary web pages, making it susceptible to indirect prompt injection attacks.\n
Ingestion points: Untrusted web data enters the agent context through bb-browser snapshot, bb-browser get text, and bb-browser eval as documented in SKILL.md.\n
Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following instructions embedded within the retrieved web content.\n
Capability inventory: The skill possesses broad capabilities including shell command execution, browser interaction (click, fill), JavaScript execution, and network request monitoring.\n
Sanitization: The skill does not describe any mechanisms for sanitizing or validating the content retrieved from external URLs before processing it.

bb-browser