actionbook

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the actionbook CLI to perform all browser operations, including managing local browser profiles and starting a background WebSocket bridge server via extension serve.
  • [REMOTE_CODE_EXECUTION]: The browser eval command allows the agent to execute arbitrary JavaScript code within the context of any visited web page, enabling complex interactions but also posing a risk if used on malicious sites.
  • [DATA_EXFILTRATION]: The skill can access and export sensitive information such as browser cookies (browser cookies), page text, and screenshots. When used in 'Extension' mode, this capability extends to the user's personal browser sessions and logged-in accounts.
  • [PROMPT_INJECTION]: The skill is highly exposed to indirect prompt injection (Category 8) because its core function involves reading and acting upon data from untrusted websites.
      • Ingestion points: Uses actionbook browser snapshot, actionbook browser text, and actionbook browser html to read data from the current page.
      • Boundary markers: No specific delimiters or safety instructions are provided to help the agent distinguish between its own goals and instructions embedded in the scraped content.
      • Capability inventory: The agent can navigate pages, fill forms, manipulate cookies, and execute scripts, so a successful injection could have significant impact.
      • Sanitization: Web content is ingested and processed without any apparent sanitization or filtering to remove potentially malicious commands.
  • [COMMAND_EXECUTION]: The extension install command modifies the local system by extracting extension files and registering a native messaging host for Chrome.

Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 3, 2026, 03:23 AM