
autofillin

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The setup-env.sh script suggests installing the NVM utility by piping a script fetched from a remote GitHub repository directly into bash.
  • [COMMAND_EXECUTION]: The skill uses shell scripts to perform system operations, including process termination using pkill to manage browser instances and directory creation within the user's home folder.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the download of Playwright and Chromium binaries through Node.js package managers as part of its environment setup.
  • [DATA_EXFILTRATION]: The skill accesses sensitive authentication sessions stored in ~/.playwright-auth.json and allows use of the user's primary Chrome profile, which typically contains personal credentials, cookies, and browsing history.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with untrusted web content.
    1. Ingestion points: The skill reads page content and accessibility snapshots from target URLs using browser tools.
    2. Boundary markers: There are no explicit markers or instructions to ignore commands that may be embedded in form fields or web page content.
    3. Capability inventory: The skill possesses capabilities to fill forms, click elements, and execute JavaScript on the page via evaluate_script.
    4. Sanitization: No sanitization or validation of external web content is evident before it is processed for automation tasks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 28, 2026, 07:05 AM