replay-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill grants access to the `Bash` tool limited to the `replayio:` prefix. This allows the agent to execute external CLI tools to interact with recordings, which is a powerful capability that should be monitored for unexpected usage patterns.
- [DATA_EXFILTRATION] (LOW): The skill provides tools like `ConsoleMessages`, `LocalStorage`, and `NetworkRequest` to inspect the full state of a captured browser session. If a recording contains sensitive information such as API keys, tokens, or PII, the agent has the capability to read and potentially exfiltrate this data.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from external recordings. Malicious content within console logs or source code could attempt to influence the agent's behavior.
  - Ingestion points: `ConsoleMessages`, `ReadSource`, `SearchSources`, `NetworkRequest` tools reading from https://replay.io recordings.
  - Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded within the recording data.
  - Capability inventory: `Evaluate` (dynamic expression evaluation), `Bash(replayio:*)` (scoped command execution), and `ReadSource` (file reading).
  - Sanitization: Absent; the skill relies on the agent's internal safety filters to handle potentially malicious strings in the recording data.
- [DYNAMIC_EXECUTION] (LOW): The `Evaluate` and `Logpoint` tools allow the agent to execute JavaScript expressions within the context of the recording. While intended for debugging, this constitutes dynamic code execution on data that could be influenced by the recording's original environment.
Audit Metadata