chrome-browser

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The main script (scripts/main.cjs) utilizes child_process.spawn to run a localized browser automation tool. Additionally, the troubleshooting documentation in SKILL.md contains shell commands for modifying Chrome's Native Messaging Host configurations, which an agent might attempt to execute if tasked with resolving extension connectivity issues.
  • [REMOTE_CODE_EXECUTION]: The skill includes tools such as mcp__chrome-devtools__evaluate_script and mcp__claude-in-chrome__javascript_tool that enable the execution of dynamic JavaScript code within the context of the browser. This is a standard requirement for browser automation and testing.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection.
      1. Ingestion points: Untrusted data enters the agent context through tools in SKILL.md that navigate pages (navigate_page), extract text (get_page_text), and monitor console logs (list_console_messages) or network traffic.
      2. Boundary markers: None identified; no specific delimiters or instructions are provided to help the agent distinguish between internal instructions and content from external pages.
      3. Capability inventory: Across its scripts and tool definitions, the skill possesses high-impact capabilities, including clicking elements, filling forms, uploading files, and executing arbitrary JavaScript.
      4. Sanitization: There is no evidence of sanitization, escaping, or filtering of external content before it is interpolated into the agent's context.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 3, 2026, 02:04 PM