skills/mxyhi/ok-skills/electron/Gen Agent Trust Hub

electron

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to launch various desktop applications (Slack, VS Code, Discord, etc.) with the --remote-debugging-port flag enabled (e.g., open -a "Slack" --args --remote-debugging-port=9222 in SKILL.md). This allows the agent to control the application and access its internal data via the Chrome DevTools Protocol.
  • [PROMPT_INJECTION]: The skill's primary function involves processing data from third-party applications, which constitutes an attack surface for indirect prompt injection.
      • Ingestion points: The agent is instructed to capture snapshots and text from running Electron applications using agent-browser snapshot and agent-browser get text (found in SKILL.md).
      • Boundary markers: The skill lacks instructions or delimiters to isolate untrusted application data from the agent's core system instructions.
      • Capability inventory: The agent possesses capabilities to execute shell commands and interact with application UIs (click, type, fill) through the agent-browser tool (found in SKILL.md).
      • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the data retrieved from the target applications.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:51 AM