The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The run-code command facilitates the execution of arbitrary Playwright scripts. Analysis of references/running-code.md confirms this can be used to interact with the local file system (e.g., download.saveAs) and manage browser-level permissions.
[DATA_EXFILTRATION]: Dedicated commands like cookie-get, localstorage-get, and state-save provide direct access to sensitive browser state and authentication tokens. The skill includes security notes advising users not to commit these state files to version control.
[COMMAND_EXECUTION]: The eval command enables arbitrary JavaScript execution within the browser's page context, allowing for DOM manipulation and data extraction.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted data enters the context via open and snapshot commands. 2. Boundary markers: None are specified in the usage documentation. 3. Capability inventory: The skill has high-risk capabilities including run-code and eval. 4. Sanitization: No content sanitization or validation is described for ingested web data.
[EXTERNAL_DOWNLOADS]: The install-browser command performs network downloads of browser binaries from official sources. This is a standard setup procedure for the Playwright framework.

playwright-cli