web-performance-optimization

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): Puppeteer scripts in references/compression-monitoring.md ingest external URLs, creating a surface for indirect prompt injection from malicious web content. Evidence: measurePerformance(url) function. Ingestion point: url parameter. Capability: page.goto(url) and page.evaluate(). Boundary markers: None. Sanitization: None.
  • [Command Execution] (LOW): The skill uses puppeteer.launch(), which starts a browser process. While this is the intended functionality for performance measurement, it is a capability that could be abused for Server-Side Request Forgery (SSRF) or local network probing if unvalidated user input is passed to the Puppeteer function.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:00 PM