using-webctl

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/setup_webctl.py script executes shell commands using subprocess.run(shell=True) to automate the installation of the webctl package and its browser dependencies.
  • [REMOTE_CODE_EXECUTION]: The setup script performs runtime modification of local files by patching session_manager.py within the webctl package and dynamically deploying auth_proxy.py to the package directory for runtime loading.
  • [CREDENTIALS_UNSAFE]: The scripts/auth_proxy.py component implements a local proxy on 127.0.0.1:18080 that accesses and processes sensitive JWT credentials from the HTTP_PROXY environment variable.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the web using webctl snapshot, which could contain malicious instructions.
      1. Ingestion point: webctl snapshot output in SKILL.md.
      2. Boundary markers: None provided to separate untrusted content.
      3. Capability inventory: Includes interaction tools like webctl click and webctl type.
      4. Sanitization: No content validation or sanitization is implemented.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 05:41 AM