The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/screenshot.js file contains a command injection vulnerability in the compressImageIfNeeded function. The script uses execSync to invoke ImageMagick binaries and directly interpolates the args.output filename into the shell command string. An attacker could provide a malicious filename (containing characters like " and ;) that Puppeteer creates on the filesystem, which then causes arbitrary command execution when the compression utility is called. Evidence: compressionCmd = \${imageMagickBin} "${filePath}" -strip -resize 90% -quality 85 "${tempPath}"`.
[COMMAND_EXECUTION]: The scripts/install-deps.sh script uses sudo to install system packages on Linux distributions, which is a high-privilege operation.
[EXTERNAL_DOWNLOADS]: The skill downloads external software including puppeteer (and its bundled Chromium binary) and debug via Node.js package managers, plus various system libraries via official OS repositories during setup.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: snapshot.js (DOM data) and screenshot.js (visual content). 2. Boundary markers: Absent. 3. Capability inventory: scripts/screenshot.js (command execution), Puppeteer (navigation, interaction). 4. Sanitization: Absent; content from external websites is returned to the agent without filtering.
[COMMAND_EXECUTION]: The scripts/lib/browser.js file configures Puppeteer with --no-sandbox and --disable-setuid-sandbox flags, which reduces the security isolation of the browser process.

chrome-devtools