The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs users to execute code directly from a remote source using the command go run github.com/nichochar/go-rod.github.io/cmd/launcher@latest. The repository belongs to an individual user ('nichochar') rather than the official library organization ('go-rod') or a trusted vendor, which constitutes a risk for executing unvetted code.
[EXTERNAL_DOWNLOADS]: The skill triggers several external downloads during setup and execution:
Fetches the Go-Rod library and stealth plugin from github.com/go-rod/rod and github.com/go-rod/stealth.
Automatically downloads a Chromium browser binary upon first execution.
References a third-party fork of puppeteer-extra from the 'nichochar' GitHub account.
[COMMAND_EXECUTION]: The documentation provides multiple bash commands for environment setup, including go get for package management and go run for executable launching.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to process and interact with untrusted external web content.
Ingestion points: Web content enters the agent's context through page.MustNavigate, page.MustElement, and page.MustSearch calls across all example files and documentation.
Boundary markers: There are no boundary markers or instructions provided to the agent to disregard scripts or malicious text embedded in the scraped HTML or JavaScript.
Capability inventory: The skill possesses high-privilege browser capabilities, including the ability to execute arbitrary JavaScript (MustEval, MustEvalOnNewDocument), manipulate the DOM, and intercept/modify network requests (HijackRequests).
Sanitization: The skill does not implement or recommend any sanitization, filtering, or validation of the data retrieved from external URLs before processing it.

go-rod-master