authenticated-web-scraper
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses child_process.execSync and spawn to execute arbitrary commands on the Windows host from the WSL2 environment via cmd.exe and powershell.exe. This includes forcefully terminating every running Edge process with taskkill /F /IM msedge.exe /T, which can cause data loss for the user.
- [REMOTE_CODE_EXECUTION]: The Edge browser is launched with the flags --remote-debugging-address=0.0.0.0 and --remote-allow-origins=*. This binds the Chrome DevTools Protocol (CDP) listener to every network interface with no origin restriction. Any device that can reach port 9222 could open the CDP WebSocket and call Runtime.evaluate to run arbitrary JavaScript in the browser context, effectively hijacking the user's authenticated sessions and cookies.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent/user to install an external package on the host system (npm install ws) as a prerequisite for the scraping script.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by scraping untrusted content from the web and handing it to other agent functions.
  - Ingestion points: Web content (HTML and text) is scraped from external URLs and saved to the local filesystem for further processing.
  - Boundary markers: Absent. Scraped data is written to files without delimiters or warnings indicating that the content is untrusted.
  - Capability inventory: The skill can execute host commands via cmd.exe, execute JavaScript in the browser via CDP, and read and write files across the WSL/Windows boundary.
  - Sanitization: Absent. Content is extracted directly from the DOM via innerText and outerHTML without filtering or escaping instructions embedded in the page.
Recommendations
- AI detected serious security threats
Audit Metadata