Browser

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill exposes Playwright's evaluate functionality through its CLI (Browse.ts eval) and a local HTTP server endpoint (/evaluate). This capability allows the agent to execute arbitrary JavaScript code within the context of the browser session.
  • [COMMAND_EXECUTION]: The script Tools/Browse.ts uses child_process.spawn to start the BrowserSession.ts server process and to execute the system-level open command, which launches the user's default browser based on configurations found in the local settings file.
  • [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection attacks because it ingests and processes untrusted data from external websites.
      • Ingestion points: Data enters the agent's context through navigate, getVisibleText, and getVisibleHtml functions.
      • Boundary markers: There are no explicit delimiters or instructions to the agent to treat retrieved web content as untrusted.
      • Capability inventory: The skill has powerful capabilities including JavaScript execution (evaluate), form manipulation (fill, click), and file uploads.
      • Sanitization: Web content is returned to the agent without filtering or sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the playwright package, which downloads official browser binaries (Chromium, Firefox, WebKit) during installation or initial execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 07:38 AM