browser-work
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to initialize sessions, create local directories ($HOME/.hoyeon/), and interface with the browser automation tool chromux. It also writes a 'recon guide' file to the local disk using shell redirects.
- [EXTERNAL_DOWNLOADS]: The skill attempts to use npx to download and execute the @team-attention/chromux package from the NPM registry if a local version is not found. This is a vendor-provided tool used for the skill's primary function.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external websites and uses this data to generate instructions for a sub-agent. Maliciously crafted content on a website could influence the agent's actions.
  - Ingestion points: Page snapshots and accessibility trees extracted from external URLs (SKILL.md).
  - Boundary markers: Absent; the scraped content is directly interpolated into the sub-agent prompt without delimiters or warnings (SKILL.md).
  - Capability inventory: Shell command execution (chromux), filesystem access, and sub-agent delegation (SKILL.md, references/chromux-guide.md).
  - Sanitization: Absent; no sanitization or validation of the web content is performed before inclusion in the instructions (SKILL.md).