The Agent Skills Directory

[Dynamic Execution] (MEDIUM): The skill provides an eval.js script intended to execute arbitrary JavaScript within the browser context. This capability can be leveraged to extract sensitive information such as session cookies, local storage, or personal data if the agent is directed to malicious sites.
[Indirect Prompt Injection] (LOW): The skill's primary function involves navigating to external websites, making it vulnerable to instructions embedded in web content.
Ingestion points: Webpage content and DOM elements accessed via nav.js and pick.js.
Boundary markers: Absent; the description does not indicate the use of delimiters or warnings to ignore instructions within page content.
Capability inventory: Includes JavaScript execution (eval.js), file writing (screenshots), and access to authenticated browser profiles.
Sanitization: Not mentioned; data gathered from pages appears to be returned as structured JSON without filtering for malicious directives.
[Unverifiable Dependencies & Remote Code Execution] (LOW): The setup instructions require installing the ws package from npm. While ws is a standard library, the installation occurs in a user-home directory path (~/.claude/skills/browser/browser), which should be monitored for integrity.

browser