browser-verify

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill globally installs the expect-cli package and runs debug-bridge-cli via npx. These are third-party dependencies from unverified sources on the public NPM registry.
  • [REMOTE_CODE_EXECUTION]: Through the debug-bridge-cli, the skill executes arbitrary JavaScript code via eval within the context of a browser session. This mechanism allows for dynamic execution of code that could be influenced by previous agent instructions or the state of the target web application.
  • [COMMAND_EXECUTION]: The skill heavily relies on shell command execution, including tmux for background session management, lsof for local port discovery, and open for launching system browsers with session identifiers passed as URL parameters.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8). It ingests untrusted data from the DOM and browser console of the websites being tested. This data is then processed by the agent (e.g., in the 'Inspect DOM' and 'Check for console errors' sections) without explicit boundary markers or sanitization, potentially allowing malicious content on a webpage to influence the agent's behavior.
      • Ingestion points: Browser console errors and DOM content (SKILL.md).
      • Boundary markers: None present for browser output processing.
      • Capability inventory: Subprocess calls via tmux send-keys, package installation via npm, and file system writes via tee (SKILL.md).
      • Sanitization: No validation or filtering is performed on the data captured from the browser before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 09:05 AM