The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill automatically downloads and executes the @playwright/mcp package from the NPM registry.
Evidence: references/mcp-validation.md contains commands to start the MCP server: npx @playwright/mcp@latest (Linux/WSL) and cmd /c npx @playwright/mcp@latest (Windows).
Mitigation: Although @playwright is a known scope, using @latest can lead to non-deterministic execution. Pinning versions would be safer.
[COMMAND_EXECUTION] (MEDIUM): The skill executes various system commands to manage the environment and run generated code.
Evidence: SKILL.md instructs the agent to run conda run -n playwright python and conda run -n playwright pip install for missing dependencies.
[REMOTE_CODE_EXECUTION] (MEDIUM): The skill performs dynamic code generation by modifying existing Playwright scripts with data loaded from Excel files, then executes the result.
Evidence: SKILL.md workflow steps 5 (Modify the Playwright script) and 8 (Run the updated script) describe this process.
Risk: If the Excel file (untrusted input) contains malicious strings that are improperly escaped during the script modification phase, it could lead to arbitrary code execution in the local Python environment.
[PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection via the processed Excel data.
Evidence: references/excel-loading.md reads and filters data from arbitrary Excel sheets.
Mandatory Evidence Chain: 1. Ingestion points: .xlsx files provided at runtime. 2. Boundary markers: Absent; data is interpolated directly into script patterns. 3. Capability inventory: Subprocess calls (npx, conda), file-write (updating scripts), and network ops (via Playwright). 4. Sanitization: Absent; the loader does not validate or sanitize the cell content before script interpolation.

playwright-excel