
opencli

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill platform dynamically loads and executes TypeScript files located in the src/clis/ directory at runtime. It also utilizes an evaluate pipeline step that allows for the execution of arbitrary JavaScript within the browser context to perform data extraction and page interaction.
  • [COMMAND_EXECUTION]: The skill defines a wide array of commands (80+) that execute browser automation logic and interact with the Chrome DevTools Protocol (CDP) to manipulate web pages and Electron applications.
  • [DATA_EXFILTRATION]: The tool includes specific functionality to extract sensitive authentication data from the browser, including cookies, Bearer tokens, and CSRF identifiers (e.g., Twitter ct0), which could be misused to exfiltrate session credentials.
  • [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection because it is designed to ingest and process untrusted data from web sources.
    1. Ingestion points: Data retrieved from sources like Bilibili subtitles, Reddit comments, and Twitter threads (SKILL.md).
    2. Boundary markers: Absent; there are no documented instructions for using delimiters to isolate external data from the agent's instructions.
    3. Capability inventory: The skill can execute arbitrary JavaScript in the browser and run local CLI commands (CLI-EXPLORER.md).
    4. Sanitization: Absent; while basic HTML stripping is mentioned for data presentation, no sanitization of potential prompt instructions is performed.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the vendor's core CLI package and a dedicated browser bridge extension from official repositories during the setup process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 08:51 AM