The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to interact with external, potentially untrusted web content using browser automation tools.
Ingestion points: The tools playwright_navigate, playwright_get_visible_html, and playwright_console_logs allow the agent to ingest content from arbitrary URLs.
Boundary markers: The skill does not provide specific instructions or delimiters to the agent to ignore instructions embedded in the HTML or console logs of the sites being tested.
Capability inventory: The agent can perform state-changing actions via playwright_click and playwright_fill, and capture data via playwright_screenshot.
Sanitization: No evidence of sanitization or validation of the external content before processing is present in the skill definition.
Unverifiable Dependencies (SAFE): The skill references standard industry tools (Playwright 1.40+ and Detox 20.x). These are well-known packages and no malicious installation patterns were found.

e2e-tester