peach-e2e-convert

Fail

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill generates executable JavaScript files based on untrusted user input (Playwright codegen scripts) and instructs the agent to execute them using the node runtime. This pattern allows for arbitrary code execution because the skill incorporates untrusted external input into an executable context without implementing validation or sandboxing.
  • [COMMAND_EXECUTION]: The skill uses several shell-based commands and local scripts, including ./e2e.sh, agent-browser, and node. These tools provide the necessary environment to run the generated scripts, allowing potentially malicious user-provided code to interact directly with the operating system.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because it ingests untrusted Playwright scripts and processes them to drive agent actions and code execution without safety boundaries.
      • Ingestion point: User-provided codegen scripts in SKILL.md Step 1.
      • Boundary markers: None identified.
      • Capability inventory: Shell execution (./e2e.sh), file writing (e2e/시나리오/), and Node.js execution (node).
      • Sanitization: None identified; conversion rules focus on functional transformation rather than security filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 14, 2026, 08:04 AM