The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The script scripts/screenshot.js is vulnerable to command injection through the --output parameter. This value is directly interpolated into a shell command string for ImageMagick (execSync) within the compressImageIfNeeded function without sanitization or escaping. An attacker could execute arbitrary host commands by providing a crafted filename.
COMMAND_EXECUTION (HIGH): The scripts/install-deps.sh script executes sudo to install system packages across multiple Linux distributions. This requires root privileges and performs persistent modifications to the host operating system.
EXTERNAL_DOWNLOADS (LOW): The puppeteer dependency downloads a Chromium browser binary during the installation process. Although typical for this library, it involves fetching and executing external binaries.
REMOTE_CODE_EXECUTION (MEDIUM): The skill uses page.evaluate() to execute JavaScript and interact with DOM elements within the context of external, untrusted websites, presenting an attack surface for code execution in the browser.
COMMAND_EXECUTION (MEDIUM): The browser initialization in scripts/lib/browser.js explicitly includes the --no-sandbox and --disable-setuid-sandbox flags, which significantly degrades the security posture of the Chromium process and host isolation.
COMMAND_EXECUTION (LOW): Indirect Prompt Injection vulnerability surface. Ingestion points: scripts/snapshot.js (DOM elements) and scripts/navigate.js (page titles). Boundary markers: None. Capability inventory: execSync (screenshot.js) and sudo (install-deps.sh). Sanitization: Only basic XPath validation is present in scripts/selector.js.

chrome-devtools