debugging

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is explicitly designed to access and monitor sensitive application states. Examples in the documentation include retrieving authentication tokens from storage via 'localStorage.getItem("token")' and monitoring user-specific identifiers like 'user.id'.
  • [COMMAND_EXECUTION]: The skill uses powerful system tools ('browser-devtools-cli' and 'node-devtools-cli') to interact with the host environment. It supports attaching to active backend processes by name or PID ('node-devtools-cli ... debug connect --pid 12345'), providing deep access to the runtime environment.
  • [REMOTE_CODE_EXECUTION]: The skill enables arbitrary dynamic code execution within the context of the application being debugged. The 'run js-in-browser' tool executes scripts in the web frontend, while 'run js-in-node' executes scripts directly inside the connected Node.js backend process.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external data.
      * Ingestion points: Untrusted data enters the agent context via 'get-console-messages', 'get-http-requests' (network traffic), and 'get-as-html' (page content).
      * Boundary markers: Absent; no delimiters are defined to separate untrusted data from system instructions.
      * Capability inventory: The skill has high capabilities including arbitrary JavaScript execution and process monitoring across browser and backend contexts.
      * Sanitization: The skill does not implement sanitization or validation for content retrieved from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 08:18 AM