The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted data from external websites (HTML content, console logs, and network metadata) using browser automation tools, which creates an indirect prompt injection surface.
Ingestion points: Website snapshots via mcp__chrome-devtools__take_snapshot, console output via list_console_messages, and network request metadata.
Boundary markers: The instructions do not include specific delimiters or directions for the agent to ignore instructions embedded in the target website's content.
Capability inventory: The agent has access to powerful browser automation tools for arbitrary JavaScript execution (evaluate_script) and network traffic inspection.
Sanitization: No sanitization or strict schema validation is applied to the data retrieved from websites before it is processed by the agent.
[COMMAND_EXECUTION]: The skill utilizes browser automation MCPs to execute JavaScript snippets on the target website to inspect the window.posthog object and detect other analytics scripts. While these scripts are hardcoded in the skill, the underlying capability involves dynamic interaction with the browser environment.
[DATA_EXFILTRATION]: The skill is designed to extract client-side configuration and identifiers from websites, such as PostHog Project Tokens, API hosts, and Session IDs, and report them directly to the user. This is the intended behavior for debugging but involves automated data extraction from potentially authenticated browser sessions.

posthog-debugger