dev-browser

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execSync in scripts/start-server.ts to perform environment management. It identifies and terminates processes on specific ports using lsof and kill -9, and triggers browser installation commands via system package managers.
  • [EXTERNAL_DOWNLOADS]: The skill automates the download of Playwright browser binaries from Microsoft's registries. It also points users to a third-party GitHub repository (SawyerHood/dev-browser) for an extension component, which is outside the skill author's direct control.
  • [REMOTE_CODE_EXECUTION]: In src/client.ts, the skill employs dynamic code execution by using eval() within the Playwright page.evaluate() context. This is used to inject the snapshotting logic directly into the browser's execution environment at runtime.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its core function of processing untrusted web data.
      1. Ingestion points: Arbitrary website HTML, text, and accessibility snapshots are ingested via page.goto() and getAISnapshot().
      2. Boundary markers: No specific boundary markers or delimiters are implemented to distinguish untrusted web data from the agent's instructions.
      3. Capability inventory: The skill possesses extensive host-level capabilities including shell command execution, file system access (writing to tmp/ and profiles), and network requests.
      4. Sanitization: No sanitization or validation is applied to content retrieved from external URLs before it is provided to the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 06:18 AM