mcp-playwright

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The mcp__playwright__browser_run_code tool allows the execution of arbitrary Playwright code snippets. This provides an unrestricted execution environment that can be used to perform actions outside the scope of the predefined tools.
  • [REMOTE_CODE_EXECUTION]: The mcp__playwright__browser_evaluate tool enables the execution of arbitrary JavaScript within the web page context. This can be abused to manipulate the DOM, steal session information, or interact with sensitive page elements.
  • [DATA_EXFILTRATION]: The mcp__playwright__browser_network_requests tool exposes all network traffic, including headers and request bodies. This could allow an agent to harvest sensitive credentials, cookies, or API tokens. Additionally, the mcp__playwright__browser_file_upload tool can be used to send local files to remote servers.
  • [PROMPT_INJECTION]: The skill exposes a large surface for indirect prompt injection. By navigating to arbitrary URLs and capturing page snapshots, the agent may encounter and obey malicious instructions embedded in web content.
  • Ingestion points: browser_snapshot, browser_evaluate, and browser_console_messages tools ingest untrusted external data.
  • Boundary markers: None identified. The instructions do not specify how to distinguish between trusted guidance and untrusted page content.
  • Capability inventory: The skill possesses high-privilege capabilities including code execution, file uploads, and network monitoring.
  • Sanitization: No sanitization or validation of external web content is mentioned in the instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 03:28 PM