playwright-skill

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM

REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill core logic in run.js implements a dynamic execution wrapper. It takes JavaScript code from standard input, command-line arguments, or files, wraps it in a template with required dependencies, writes it to a temporary file, and executes it using the require() function. This allows for the execution of arbitrary code generated by the agent.
  • [COMMAND_EXECUTION]: The run.js file and the package.json configuration use execSync and npm scripts to run shell commands for installing the Playwright library and its associated browser binaries.
  • [EXTERNAL_DOWNLOADS]: During its setup process, the skill downloads the Playwright package from the npm registry and the Chromium browser from official Microsoft/Playwright infrastructure.
  • [PROMPT_INJECTION]: The skill is designed to navigate to and extract data from arbitrary web URLs, exposing the agent to indirect prompt injection vulnerabilities where content on a website could attempt to influence the agent's behavior.
      • Ingestion points: Data enters the agent context through page.goto, extractTexts, and extractTableData in lib/helpers.js.
      • Boundary markers: The skill lacks any delimiters or specific instructions to treat web-derived content as untrusted data.
      • Capability inventory: The skill provides full access to Playwright automation, arbitrary JavaScript execution via run.js, and file system access.
      • Sanitization: There is no evidence of sanitization or filtering of content retrieved from the web.
  • [DATA_EXFILTRATION]: The skill includes functionality to inject custom HTTP headers via environment variables (PW_EXTRA_HEADERS and PW_HEADER_NAME), which could potentially be used to exfiltrate sensitive environment data or credentials. Furthermore, the automation scripts have the capability to read local files and perform external network requests.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 07:13 PM