browser-tools

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The browser-cookies.js tool retrieves and displays all cookies from the active browser session. This exposes sensitive session tokens and authentication credentials to the agent, which could lead to unauthorized account access.
  • [DATA_EXFILTRATION]: The browser-start.js script includes a --profile flag that copies the user's entire local Chrome profile—containing logins, history, and active sessions—to a cache directory accessible to the agent.
  • [COMMAND_EXECUTION]: The browser-eval.js script provides a mechanism to execute arbitrary JavaScript code within any open web page. The code is constructed from command-line arguments and executed via a dynamic AsyncFunction constructor, presenting a significant code injection risk.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks as it processes untrusted data from external websites through tools like browser-content.js, browser-hn-scraper.js, and browser-pick.js.
    • Ingestion points: HTML content, element text, and scraped data from external web pages.
    • Boundary markers: No delimiters or safety instructions are used to distinguish untrusted web content from internal tool instructions.
    • Capability inventory: The skill possesses powerful capabilities, including arbitrary JS execution and cookie access, which could be misused if the agent is manipulated by malicious content.
    • Sanitization: Extracted web content is returned without validation or sanitization, allowing malicious instructions embedded in web pages to potentially influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 07:41 AM