mcp-chrome-devtools

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (LOW): Hardcoded test credentials (demo@test.com / 123123) are provided in the documentation for local authentication flows. While functional for testing, hardcoding credentials is a best-practice violation.
  • [COMMAND_EXECUTION] (LOW): The skill instructs the user or agent to execute pnpm start to run the local application server. This is a standard and expected command for the described development workflow.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it uses a browser to ingest and interact with untrusted DOM content. Evidence:
      • Ingestion points: The agent navigates to and reads content from http://localhost:4200/ and its sub-routes (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore commands embedded in the web content are provided.
      • Capability inventory: The skill utilizes chrome-devtools-mcp to navigate, fill forms, click elements, and monitor the console (SKILL.md).
      • Sanitization: There is no evidence of sanitization or filtering of the ingested web content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 08:58 PM